On October 10, 2018 at 15:55 SNaslund@medline.com (Naslund, Steve) wrote:
The entire point of the CVV has become useless. Recently my wife was talking to an airline ticket agent on the phone (American Airlines) and one of the things they ask for on the phone is the CVV. If you are going to read that all out over the phone with all the other data you are completely vulnerable to fraud. It would be trivial to implement a system where you make a charge over the phone like that and get a text asking you to authorize it instead of asking for a CVV.
I'm pretty sure the "entire point" of inventing CVV was to prove you physically have the card.

For example, someone dumpster-diving a restaurant etc., particularly in the old imprint days when this was dreamed up, wouldn't have the CVV, or at least not from that source.

Many merchant contracts' fees are based on whether you do sales on physical cards (lower) vs. not, like online. I don't know off-hand how that's affected by verifying the CVV online; I suspect it's mostly used online to avoid certain kinds of fraud for all the other reasons.

We're very careful with CVVs as per contract agreement and they don't go near the database, only used during the verification and gone when the app fork exits.

Credit card fraud is, to the processors, a game of percentages and cost/benefit.

Sure, one could have the CVV w/o the card; these days a big hazard is service people (e.g., restaurants) who can trivially snap both sides of your card with their phone. They often take your card away and come back later with the receipts and your card.

In Europe and probably elsewhere it's very common for them to process your card with a hand-held device right in front of you, which would make that more difficult.

But any proposal to improve cc security has to reflect the cost/benefit across millions of transactions. If one isn't working with that data then they're only guessing.

--
-Barry Shein

Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD
The World: Since 1989 | A Public Information Utility | *oo*