Regex for CVV — Pattern Explained with Examples

The Card Verification Value (CVV) or Card Verification Code (CVC) is a security feature for credit and debit card transactions. This pattern validates that the input is a 3 or 4 digit numeric code matching the format used by card networks.

The Pattern

/^\d{3,4}$/

Pattern Breakdown

Matches

• 123
• 999
• 000
• 1234
• 0000

Does NOT Match

• 12
• 12345
• abc
• 12 3
• 123a
• twelve

Language Examples

JavaScript

const cvvRegex = /^\d{3,4}$/;
console.log(cvvRegex.test('123'));  // true
console.log(cvvRegex.test('1234')); // true
console.log(cvvRegex.test('12'));   // false

Python

import re
pattern = r'^\d{3,4}$'
print(bool(re.match(pattern, '123')))   # True
print(bool(re.match(pattern, '1234')))  # True
print(bool(re.match(pattern, '12')))    # False

Common Pitfalls

• American Express uses 4-digit CVV codes while Visa, Mastercard, and Discover use 3-digit codes — a 3–4 digit pattern covers both but does not validate by card type
• Do not store CVV values in your database — PCI DSS regulations prohibit storing CVV codes after authorization
• CVV validation is structural only and cannot verify that the code matches the actual card number — verification requires a payment gateway
• Client-side CVV validation is useful for UX but must be repeated server-side for security
• Leading zeros are valid CVV values (e.g., 001) and should not be stripped or rejected

Real-World Use Cases

• Payment form validation — provide immediate user feedback if the CVV field contains non-numeric characters
• POS terminal input — validate scanned or manually entered CVV codes before sending to the payment processor
• Card tokenization services — ensure CVV format is correct before forwarding to the issuing bank for verification

FAQ

Related Patterns

Regex for Credit Card Regex for Numbers