[ale] OT: Security code on Credit/Debit cards
Michael B. Trausch
mike at trausch.us
Sat Feb 20 12:28:18 EST 2010
On 02/19/2010 07:33 PM, Michael H. Warfield wrote:
> Given the description, it does sound like physical card skimming and it
> would be someone who did more than just scan your card and hand it back
> to you. I would first suspect anywhere you allowed the card out of your
> control (think restaurants and paying your check) would be the prime
> candidate. Check-out lines and registers in stores are much less
> likely, although they did catch one person in NY one year double swiping
> cards. They would have to read the CVV number while verifying your
> signature. Fake card readers and fake facades at places like gas
> stations are not unheard of but are highly unlikely if they had your
> CVV. You could put a little spot of black paint or tape over the CVV
> after noting it to yourself and then never let that card out of your
> sight.
I was pretty much under the impression that CVV/CVC were pretty much the
worst form of security ever, roughly equivalent to no security at all.
Some vendors will require the code in-person, (say, when you cannot
swipe the card for whatever reason to "prove" that the card was present
during the transaction---I'd rather imprint it myself, but hey, that's
just me) or online vendors will (against the rules of their card holding
agreement) store CVV/CVC codes in their own databases.
After all, it's only 10-14 extra bits of data associated with the card.
--- Mike
--
Michael B. Trausch ☎ (404) 492-6475
More information about the Ale
mailing list