On 09-Jun-12 09:14, Joel Maslak wrote:
On Jun 9, 2012, at 1:06 AM, Hal Murray <hmurray@megapathdsl.net> wrote:
Should I really take them seriously? Your call.
That said, the purpose of CVV is to stop *one* type of fraud - it's to stop a skimmer from being able to do mail-order/internet-order with your card number. The CVV is not on the magnetic strip, so a skimmer installed at the ATM or gas pump won't be able to capture it.
This is CVV2; it is printed (but not embossed) on the card but not on the magstripe. This is requested by online merchants to "prove" that the card is in the customer's possession, since it won't show up on carbons, receipts, etc. and in theory will never be stored by any merchant (unlike the account number, expiration date, etc.). .
There's a similar value on the magnetic strip that keeps the internet site you gave your card number and CVV to from being able to print cards and use them at the gas pump.
This is CVV1; it is on the magstripe but not printed on the card; this is how brick-and-mortar merchants can "prove" that your card was in the merchant's possession ("card present"), i.e. swiped rather than entered by hand.
Certainly they don't stop all fraud. They stop one type of fraud.
The two codes are targeted at very different types of fraud. What they have in common is that submitting either a CVV1 or CVV2 number enables merchants to get a better discount rate on their transactions. Given the low margins in many industries, this can make the difference between making a profit and losing money on a sale, which is why many merchants refuse transactions without CVV1 or CVV2. Merchants in industries with higher margins often don't care; they'll submit CVV1 or CVV2 when convenient, but they won't let not having them block the sale. S -- Stephen Sprunk "God does not play dice." --Albert Einstein CCIE #3723 "God is an inveterate gambler, and He throws the K5SSS dice at every possible opportunity." --Stephen Hawking