CVV numbers

Matthew Palmer mpalmer at hezmatt.org
Sat Jun 9 22:48:40 UTC 2012


On Sat, Jun 09, 2012 at 02:34:03PM -0700, Scott Howard wrote:
> On Sat, Jun 9, 2012 at 12:12 PM, Wayne E Bouchard <web at typo.org> wrote:
> > The main weakness of CVV2 these days is "form history" in browsers.
> > (auto complete).
> 
> Any website requesting a CVV2 in a form field without the form
> history/autocomplete being disabled is in breach of PCI compliance, and
> risks losing their ability to accept credit cards.

And convenience trumps pseudo-security yet again; Chrom(ium) asks me if I want
to save my CC details when I put them in (to which I tell it not just "no",
but "are you *nuts*?"); presumably this is on forms which include
autocomplete=off, since it happens often enough.  So I would assume that
this PCI compliance tickbox is being ignored by browsers.  Whee!

- Matt

-- 
Ruby's the only language I've ever used that feels like it was designed by a
programmer, and not by a hardware engineer (Java, C, C++), an academic
theorist (Lisp, Haskell, OCaml), or an editor of PC World (Python).
		-- William Morgan
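
The site-side condition from the quoted message (a CVV2 field served without autocomplete disabled) can be checked in a page's markup. The sketch below is an added example, not part of the original thread; the field-name pattern and the sample HTML are assumptions made for illustration. It inspects only what the site sends, not what a given browser then does with the attribute.

```python
import re
from html.parser import HTMLParser

# Heuristic pattern for security-code field names (an assumption of this example).
CVV_NAME = re.compile(r"cvv|cvc|csc|security.?code", re.I)

class CvvAutocompleteAudit(HTMLParser):
    """Collect CVV-like inputs whose effective autocomplete is not 'off'."""

    def __init__(self):
        super().__init__()
        self.form_autocomplete = None  # autocomplete value of the enclosing <form>
        self.findings = []             # (field name or id, effective value)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.form_autocomplete = a.get("autocomplete", "").lower() or None
        elif tag == "input":
            ident = a.get("name", "") + " " + a.get("id", "")
            if not CVV_NAME.search(ident):
                return
            # A field-level attribute overrides the form-level one.
            effective = a.get("autocomplete", "").lower() or self.form_autocomplete
            if effective != "off":
                self.findings.append((a.get("name") or a.get("id"), effective))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_autocomplete = None

def audit(html):
    """Return the CVV-like fields in `html` that do not disable autocomplete."""
    parser = CvvAutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup, not taken from any real site.
SAMPLE = """
<form action="/pay" method="post">
  <input name="card_number" autocomplete="off">
  <input name="cvv2" type="text">
</form>
<form action="/pay2" method="post" autocomplete="off">
  <input name="cardSecurityCode" type="password">
  <input id="cvc" autocomplete="on">
</form>
"""

if __name__ == "__main__":
    for field, value in audit(SAMPLE):
        print(f"{field}: autocomplete={value!r}")
```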




