CVV numbers

Stephen Sprunk stephen at sprunk.org
Sat Jun 9 18:35:31 UTC 2012 

On 09-Jun-12 09:14, Joel Maslak wrote:
> On Jun 9, 2012, at 1:06 AM, Hal Murray <hmurray at megapathdsl.net> wrote:
>> Should I really take them seriously?
> Your call.
>
> That said, the purpose of CVV is to stop *one* type of fraud - it's to stop a skimmer from being able to do mail-order/internet-order with your card number.  The CVV is not on the magnetic strip, so a skimmer installed at the ATM or gas pump won't be able to capture it.

This is CVV2; it is printed (but not embossed) on the card but not on
the magstripe.  This is requested by online merchants to "prove" that
the card is in the customer's possession, since it won't show up on
carbons, receipts, etc. and in theory will never be stored by any
merchant (unlike the account number, expiration date, etc.).  .

> There's a similar value on the magnetic strip that keeps the internet site you gave your card number and CVV to from being able to print cards and use them at the gas pump.

This is CVV1; it is on the magstripe but not printed on the card; this
is how brick-and-mortar merchants can "prove" that your card was in the
merchant's possession ("card present"), i.e. swiped rather than entered
by hand. 

> Certainly they don't stop all fraud.  They stop one type of fraud.

The two codes are targeted at very different types of fraud.  What they
have in common is that submitting either a CVV1 or CVV2 number enables
merchants to get a better discount rate on their transactions.  Given
the low margins in many industries, this can make the difference between
making a profit and losing money on a sale, which is why many merchants
refuse transactions without CVV1 or CVV2. Merchants in industries with
higher margins often don't care; they'll submit CVV1 or CVV2 when
convenient, but they won't let not having them block the sale.

S

-- 
Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2312 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20120609/806d8854/attachment.bin>

More information about the NANOG mailing list