?

Log in

No account? Create an account
CVV2 Questions - brad's life — LiveJournal [entries|archive|friends|userinfo]
Brad Fitzpatrick

[ website | bradfitz.com ]
[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

CVV2 Questions [Nov. 25th, 2003|11:30 am]
Brad Fitzpatrick
The Internet is useless. I want to know why CVV2 codes on credit cards are supposed to be more secure and help consumers. Every website just tells me, "It protects you". But why?

Theories:

1) it's not embossed, so employee crooks at stores swiping cards with carbon paper don't get the CVV2 number.

2) it's not part of the hashing function within the card's primary 16 numbers, so even if you use a credit card generator program (trivial to write), you can't get correct CVV2 numbers, since only the card issuer has it.

3) merchants aren't supposed to store CVV2 numbers? So if their databases are hacked, nobody gets those? No... because I know Amazon and many others do.

I don't really think (1) and (2) happen much anymore compared to databases being hacked (3), and since everybody just puts CVV2 numbers in their databases, how does CVV2 really help?

Enlighten me!
LinkReply

Comments:
[User Picture]From: toast0
2003-11-25 03:43 pm (UTC)
do you know anything about how that works? i noticed my bank recently added that, but i haven't shopped anywhere that uses it... the only way i can see that it would really be useful as a security thing is if you submit the password to mastercard/yourbank/whatever rather than the merchant*. which ends up being like paypal, in that the merchant can't control the user experience and customers tend not to like the non-integrated feel.

*if i'm submitting the password to the merchant, then they can store it and submit it to other verified by visa sites; and using the verified by visa password means i'm not entitled to claim i wasn't the one buying the stuff.

(Reply) (Parent) (Thread)