On June 9, 2012 at 12:12 web@typo.org (Wayne E Bouchard) wrote:
The main weakness of CVV2 these days is "form history" in browsers. (auto complete). Now, if someone can get ont your PC, they not only get the credit card number (which there are myriad different ways to get) but the CVV as well so that mechanism is, now, all but useless.
Oh c'mon, all but useless? Look at all the ifs/ands/buts. They need access to your form history which actually is useless if the merchant's form just uses a password-type field, etc. Yeah, a lot of these techniques are useless if your computer etc is completely pwned. But they help if you're not. Credit card fraud prevention is all about percentages, not absolutes. Even just requiring a valid credit card number and expiration date and nothing else probably prevents, I dunno, 98%+ of all potential fraud, probably 99%+. The rest is about squeezing down that last percentage point or two and generally discouraging crooks from trying. One of the PITA frauds credit card companies deal with is someone in the household, like your teenage kid, taking your card physically out of your wallet and using it w/o your permissin and then you call in when you see the bill that you never ordered $100 from iTunes or bought any cool sneakers at the mall. That's probably more common than a lot of the other frauds you imagine. A lot of these techniques at least prove that *someone* had your card physically if they suspect this was not fraud but, rather, "unauthorized use". People will also try to deny charges they simply regret, like a night at a bar with strippers particularly that one in the blue hot pants, who the h*** KNEW she got $300 for a lap dance and $50/glass for the Kristal, doesn't seem fair not fair at all...it's some backpressure. -- -Barry Shein The World | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD | Dial-Up: US, PR, Canada Software Tool & Die | Public Access Internet | SINCE 1989 *oo*