Adrian Sanabria of 451 Security posted a detailed explanation of two different security codes for a credit card: one that we are asked for when paying online or over the phone (card-not-present transactions) and another that is used when the card is actually swiped (card-present transactions). The card-not-present security code is printed on the card; the other one is stored in the card’s magnetic strip.
This is a confusing topic because different terms for both security codes are used interchangeably by merchants, payment service providers, and even card brands themselves. The most resent example of confusion was Target.
It is a somewhat lengthy read but well worth your time: Better understanding of the Target breach through Credit Card anatomy
Adrian not only explains which is which but also provides several examples of both types of security codes for several different payment cards. Those examples show that the two always have different values used for different purposes.