CVV numbers

Owen DeLong owen at delong.com
Sat Jun 9 14:56:52 UTC 2012


On Jun 9, 2012, at 7:14 AM, Lynda wrote:

> On 6/9/2012 12:06 AM, Hal Murray wrote:
>> 
>> In response to my comment about:
>> 
>>> If I'm not supposed to not "tell anyone", why is it even printed where I can
>>> read it?
>> 
>> (Sorry for the extra not in there.)
> 
> The CVV number is simply to prove that the card is in your possession. The percentage of the sale that goes to Amex/Visa/Mastercard/Discover (etc) is determined by whether the merchant can supply various items, and the CVV is one of them. Running the card physically (where the merchant touches your card, and presumably verifies that you are you) gets taxed the lowest. The CVV is just meant to replace that verification. Sort of. I disapprove *strongly* of any online merchant that does not request this simple item, but it's not magic.
> 

How does having the CVV number prove the card is in my possession?

I have memorized the CVV in addition to the 16 digits of the cards I commonly use and routinely enter them into online ordering without retrieving the card.

What prevents a fraudster from writing the CVV down along with the other card data?

Sure, the CVV (in the case of CVV2) may not be included in the computer-readable mag-stripe or in swipe transactions, but I really don't see how CVV does anything to prove physical possession of the card at the time of the transaction (or at any time, in fact).

>> I got an off list suggestion of:
>>   http://www.cvvnumber.com/
>> 
>> It looks reasonable.
>> 
>> But then, whois for cvvnumber.com says:
> 
>> Registrant:
>>    Domains By Proxy, LLC
> 
>> Should I really take them seriously?
> 
> No. No you should not. Here's the canonical Wikipedia entry, for those still playing along.
> 
> http://en.wikipedia.org/wiki/Luhn_algorithm

Luhn seems to apply to the check digit (last of the (usually) 16 digits) on the face of the credit card and not to the CVV value.

Owen
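
The Luhn check discussed above, as an added example that is not part of the original message: it takes only the card number as input, and the check digit can be recomputed by anyone from the preceding digits, so it detects typing errors and involves no CVV. The function names are illustrative and the number used is a constructed sample (a commonly used test number), not a real account.

```python
def luhn_sum_mod10(digits: str) -> int:
    """Luhn sum modulo 10 over a string of decimal digits (0 means valid)."""
    total = 0
    # Walk right to left. The rightmost digit (the check digit) is taken
    # as-is; every second digit after it is doubled, and a two-digit
    # product has its digits added together (same as subtracting 9).
    for position, char in enumerate(reversed(digits)):
        value = int(char)
        if position % 2 == 1:
            value *= 2
            if value > 9:
                value -= 9
        total += value
    return total % 10


def normalize(card_number: str) -> str:
    """Strip the spaces and dashes people type between digit groups."""
    return card_number.replace(" ", "").replace("-", "")


def luhn_valid(card_number: str) -> bool:
    """True if the full number, check digit included, passes Luhn."""
    digits = normalize(card_number)
    if len(digits) < 2 or not (digits.isascii() and digits.isdigit()):
        return False
    return luhn_sum_mod10(digits) == 0


def luhn_check_digit(partial_number: str) -> int:
    """Check digit to append to a number that does not have one yet."""
    digits = normalize(partial_number)
    if not digits or not (digits.isascii() and digits.isdigit()):
        raise ValueError("expected a non-empty string of decimal digits")
    # Put a 0 in the check-digit slot, then choose the digit that brings
    # the total up to the next multiple of 10.
    return (10 - luhn_sum_mod10(digits + "0")) % 10


if __name__ == "__main__":
    sample = "4111 1111 1111 1111"          # constructed sample number
    print(luhn_valid(sample))               # full number passes
    print(luhn_check_digit(sample[:-1]))    # recomputed from first 15 digits
    print(luhn_valid("4111 1111 1111 1112"))  # one mistyped digit fails
    print(luhn_valid("1411 1111 1111 1111"))  # swapped adjacent digits fail
```
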




