Re: CVV numbers

[Gary Buhrmaster <gary.buhrmaster () gmail com>]

On Sun, Jun 10, 2012 at 8:02 AM, Owen DeLong <owen () delong com> wrote:
....
> The skimmers can use CVV1 and bypass the CVV2 protection in most
> cases (though that requires them to gen up a fake or fraudulent card and
> do card present transactions which does add risk for them).

Not so much for them, but the sacrificial mules that go to the (physical)
stores (and the mules, at best, know the location to meet their handler,
who is not even the person/group responsible for the acquisition of the
numbers, but just another middle person).

> It costs almost nothing, so a few fraudulent transactions blocked is probably
> enough. That doesn't change the fact that I believe there have to be more
> effective methods that wouldn't cost much more.

One of the CC industry "think tanks" (the think tank part of first data; to
be honest, I am not sure that part still exists) has proposed various
alternatives over the years (including a true non-traceable cash type of
CC alternative that was sort of appealing), but the priority of the banks
continues to be to insure convenience (with minimal losses for the banks),
and almost all the of the alternative involved some sort of additional
inconvenience to the customer.  If you can come up with a good alternative,
there are many many millions to be made.  I am not smart enough to
be able to come up with a clearly better alternative (other than a
personal optimization to remember all the CC numbers, including the
CVV2, as you stated you do).

Gary