On Sat, Jun 09, 2012 at 02:18:15PM -0400, Alexandre Carmel-Veilleux wrote:
On 2012-06-09, at 10:56, Owen DeLong <owen@delong.com> wrote:
How does having the CVV number prove the card is in my possession?
It doesn't, it merely proves you must have handled the card physically at some point since storing that value in a database is forbidden.
Verified by Visa and the MasterCard equivalent actually "prove" that you are the rightful card holder. Unlike CVV numbers, they actually exempt the merchant from chargebacks (or did circa 2003).
Alex
Before the days of online transactions, how many people even knew a portion of their CC let alone the verification tag? The main weakness of CVV2 these days is "form history" in browsers. (auto complete). Now, if someone can get ont your PC, they not only get the credit card number (which there are myriad different ways to get) but the CVV as well so that mechanism is, now, all but useless. Add to that the fact online merchants don't even have to appear in the same country, let alone region, and the "location of purchase relative to the home residence of the user" doesn't mean much either so can't act as an effective secondary if the information were to be captured. Just like all other forms of security and fraud protection that we in the online community try to enable, eventually something comes along that makes the job a lot harder. Having these mechanisms is better than not having them but there will never be a perfect system. -Wayne --- Wayne Bouchard web@typo.org Network Dude http://www.typo.org/~web/