CVV numbers

Barry Shein bzs at world.std.com
Sat Jun 9 19:30:55 UTC 2012


On June 9, 2012 at 12:12 web at typo.org (Wayne E Bouchard) wrote:
 > 
 > The main weakness of CVV2 these days is "form history" in browsers.
 > (auto complete). Now, if someone can get ont your PC, they not only
 > get the credit card number (which there are myriad different ways to
 > get) but the CVV as well so that mechanism is, now, all but useless.

Oh c'mon, all but useless? Look at all the ifs/ands/buts. They need
access to your form history which actually is useless if the
merchant's form just uses a password-type field, etc.

Yeah, a lot of these techniques are useless if your computer etc is
completely pwned. But they help if you're not.

Credit card fraud prevention is all about percentages, not absolutes.

Even just requiring a valid credit card number and expiration date and
nothing else probably prevents, I dunno, 98%+ of all potential fraud,
probably 99%+.

The rest is about squeezing down that last percentage point or two and
generally discouraging crooks from trying.

One of the PITA frauds credit card companies deal with is someone in
the household, like your teenage kid, taking your card physically out
of your wallet and using it w/o your permissin and then you call in
when you see the bill that you never ordered $100 from iTunes or
bought any cool sneakers at the mall.

That's probably more common than a lot of the other frauds you imagine.

A lot of these techniques at least prove that *someone* had your card
physically if they suspect this was not fraud but, rather,
"unauthorized use".

People will also try to deny charges they simply regret, like a night
at a bar with strippers particularly that one in the blue hot pants,
who the h*** KNEW she got $300 for a lap dance and $50/glass for the
Kristal, doesn't seem fair not fair at all...it's some backpressure.


-- 
        -Barry Shein

The World              | bzs at TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Dial-Up: US, PR, Canada
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*




More information about the NANOG mailing list