bloomberg on supermicro: sky is falling

bzs at theworld.com
Wed Oct 10 17:24:41 UTC 2018


On October 10, 2018 at 15:55 SNaslund at medline.com (Naslund, Steve) wrote:
 > The entire point of the CVV has become useless.  Recently my wife was talking
 > to an airline ticket agent on the phone (American Airlines) and one of the
 > things they ask for on the phone is the CVV.  If you are going to read that all
 > out over the phone with all the other data you are completely vulnerable to
 > fraud.  It would be trivial to implement a system where you make a charge over
 > the phone like that and get a text asking you to authorize it instead of asking
 > for a CVV.   

I'm pretty sure the "entire point" of inventing CVV was to prove you
physically have the card.

For example, someone dumpster-diving a restaurant, etc., particularly in
the old imprint days when this was dreamed up, wouldn't have the CVV, or
at least not from that source.

Many merchant contracts' fees are based on whether you do sales on
physical cards (lower) vs. not, like online. I don't know off-hand how
that's affected by verifying the CVV online; I suspect it's mostly
used online to avoid certain kinds of fraud for all the other reasons.

We're very careful with CVVs as per contract agreement and they don't
go near the database, only used during the verification and gone when
the app fork exits.

Credit card fraud is, to the processors, a game of percentages and
cost/benefit.

Sure, one could have the CVV w/o the card; these days a big hazard is
service people (e.g., restaurants) who can trivially snap both sides
of your card with their phone. They often take your card away and come
back later with the receipts and your card.

In Europe and probably elsewhere it's very common for them to process
your card with a hand-held device right in front of you, which would
make that more difficult.

But any proposal to improve cc security has to reflect the
cost/benefit across millions of transactions. If one isn't working
with that data then they're only guessing.

-- 
        -Barry Shein

Software Tool & Die    | bzs at TheWorld.com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*
