Slash Crosses $150m in Annual Revenue

Learn more

Code 82: CVV Validation Error

Security code mismatch

Decline Code 82: What 'CVV Validation Error' Means & How to Fix It

Decline code 82 means the CVV, CVC, iCVV, or dCVV value associated with the card failed validation against the issuing bank's records. If the cause is a data entry error, it behaves as a soft decline and can be resolved with a corrected retry. If the card itself is the problem, whether damaged, cloned, or compromised, it functions as a hard decline and a different card is needed.

What Does Decline Code 82 Mean?

Every card carries a security code that the issuing bank validates on transactions where the physical card isn't present or where additional authentication is required. When that code doesn't match what the bank has on file, the transaction fails and code 82 comes back.

What most people think of as the CVV is just one version of this security credential. The specific value being validated depends on how the transaction is being processed. A manual entry online uses the printed CVV2 or CVC2. A chip card transaction uses an iCVV generated by the chip itself. A contactless or NFC tap uses a dynamic dCVV that changes with each transaction. Code 82 can fire on any of these.

The majority of code 82 declines are simple entry errors. The more concerning cases involve a chip that's been tampered with or a contactless token that isn't generating the right dynamic value.

Code 82 vs. Code 63: What's the Difference?

Both codes involve security failures but they're not the same thing.

Code 82 is specific. It points directly to a CVV, iCVV, or dCVV validation failure. The security code didn't match and that's the identified reason for the decline.

Code 63 is broader. It covers any security violation, which can include a CVV failure but also encompasses AVS mismatches, failed 3D Secure authentication, and other security check failures where the bank declines without specifying exactly which check failed.

A code 82 gives you more precise information to act on. A code 63 requires a bit more investigation to identify what actually went wrong.

Common Causes of a Decline Code 82

  • Wrong CVV2 entered during online checkout. One incorrect digit in the three or four character security code fails the validation. The most common cause by a wide margin.
  • Worn or damaged card making the CVV unreadable. A card where the security code has faded or been scratched off can lead to incorrect entries or failed reads.
  • dCVV mismatch on a contactless NFC transaction. Contactless payments generate a dynamic security value for each tap. If something goes wrong with that generation, the validation fails.
  • Chip card iCVV mismatch. The chip generates its own security value for each transaction. A mismatch here can indicate a cloned or tampered card since a cloned magnetic stripe won't generate the correct iCVV that the chip would.
  • Customer using an old card whose CVV was updated by the bank. When a bank reissues a card, the CVV on the new card may be different from the old one. A customer entering the security code from memory based on their old card will fail validation.

How Merchants Should Handle Decline Code 82

  1. Ask the customer to re-enter their CVV carefully. For most cards it's the three-digit code on the back. For Amex it's the four-digit code on the front. A calm "could you double-check your security code?" is enough.
  2. Allow one retry with corrected information. A single careful re-entry covers the most common cause, which is a simple typo.
  3. If the failure persists, ask for an alternate payment method. A second CVV failure on the same card suggests the issue goes beyond a typo. Continuing to retry risks flagging the account for suspicious activity and won't resolve a problem that's with the card itself.
  4. Do not store or log the CVV entered. This is a PCI compliance requirement without exception. CVV data cannot be retained after a transaction attempt regardless of whether it succeeded or failed.

Frequently Asked Questions About Decline Code 82

What is the difference between CVV, CVV2, CVC, iCVV, and dCVV? They're all versions of the same concept, a security value tied to the card, but they operate differently. CVV2 and CVC2 are the static codes printed on the card used for card-not-present transactions. iCVV is a value generated by the chip for each chip-read transaction, different from the printed CVV2 specifically to detect cloned cards. dCVV is a dynamic value generated for each contactless or NFC transaction that changes every time the card is tapped. All of them are validated by the issuing bank and a mismatch on any of them can return a code 82.

Can I retry after a code 82 decline? Once, with corrected information. If the customer is confident they've entered the right CVV and it still fails, the issue is likely with the card rather than the entry. A second failure is the signal to stop and ask for a different card. Repeated CVV failures on the same card can trigger fraud flags on the account, making a manageable situation harder to recover.

Does code 82 mean my card has been cloned? Not necessarily, but it can indicate it. A cloned magnetic stripe will produce the wrong iCVV when read as a chip transaction because the chip's dynamic security value can't be replicated by simply copying the stripe data. If you're seeing code 82 on a chip transaction where the customer is certain their card is legitimate, that's worth flagging to the issuing bank. For online transactions a code 82 is more likely a typo than evidence of compromise.

How is code 82 different from code 63? Code 82 specifically identifies a CVV or security code validation failure. Code 63 is a broader security violation that can include a CVV failure but also covers AVS mismatches, 3D Secure failures, and other security checks. If you receive a code 82, you know the security code is the issue. If you receive a code 63, the cause could be any of several security checks and requires a bit more investigation to pin down.

Related Decline Codes

Code 82 sits in the security validation space. These related codes cover adjacent authentication failures:

  • Code 63 — Security Violation. The broader security failure code. Can include CVV issues alongside AVS mismatches and 3D Secure failures.
  • Code 05 — Do Not Honor. The catch-all decline, sometimes used when repeated security failures trigger a broader block.
  • Code 14 — Invalid Card Number. The card number itself doesn't validate, a different failure from the security code.
  • Code 55 — Incorrect PIN. A PIN authentication failure rather than a CVV validation failure.
  • Code 59 — Suspected Fraud. The bank flagged the transaction for fraud, which can follow repeated security failures.
  • Code 51 — Insufficient Funds. A balance issue with no security implication.
  • Code 54 — Expired Card. The card's expiration date has passed, which can sometimes accompany a CVV mismatch on reissued cards.
  • Code 41 — Lost Card. Hard decline. Card reported lost. Do not retry.

What to do when your card is declined

Quick steps to resolve card declines and complete your transaction.

1

Contact your card issuer.

Call your bank using the number on the back of your card to understand the specific reason for the decline.

2

Verify your payment details.

Double-check your card number, expiration date, CVV, and billing address for any errors.

3

Try a different payment method.

If the decline persists, use an alternative card or payment option to complete your transaction.

Other
decline codes

Apply in less than 10 minutes today

Join the 5,000+ businesses already using Slash.

Discover more insights