nanog mailing list archives

Re: CVV numbers

From: Scott Howard <scott () doc net au>
Date: Sat, 9 Jun 2012 14:31:44 -0700

On Sat, Jun 9, 2012 at 7:14 AM, Joel Maslak <jmaslak () antelope net> wrote:

That said, the purpose of CVV is to stop *one* type of fraud - it's to
stop a skimmer from being able to do mail-order/internet-order with your
card number.  The CVV is not on the magnetic strip, so a skimmer installed
at the ATM or gas pump won't be able to capture it.


No, it's to stop more than one type of fraud - however your point is
correct in that it's not designed to stop *all* fraud, it's just one of
many layers of prevention.

In addition to the one you've mentioned, the CVV2 also stop the card being
fraudulently being used in any situation where the card number has been
leaked, such as a database of card numbers being hacked, a receipt with the
full number on it (rare if at all existent these days), etc. The rules on
CVV2 numbers basically say that the number can never be recorded by the
merchant after the transaction has been processed, which pretty much means
that they can't store it at all in any form.  If a database is hacked, the
CVV2 number will not be there.

  Scott

Current thread:

Re: CVV numbers, (continued)
- - - Re: CVV numbers Jimmy Hess (Jun 09)
    - Re: CVV numbers Scott Howard (Jun 09)
    - Re: CVV numbers Aled Morris (Jun 09)
    - Re: CVV numbers Barry Shein (Jun 10)
    - Re: CVV numbers Barry Shein (Jun 10)
    - Re: CVV numbers Jay Ashworth (Jun 09)
    - Re: CVV numbers Owen DeLong (Jun 10)
    - Re: CVV numbers Gary Buhrmaster (Jun 10)
- Re: CVV numbers Joel Maslak (Jun 09)
  - Re: CVV numbers Stephen Sprunk (Jun 09)
  - Re: CVV numbers Scott Howard (Jun 09)