nanog mailing list archives
Re: CVV numbers
From: Matthew Palmer <mpalmer () hezmatt org>
Date: Sun, 10 Jun 2012 08:48:40 +1000
On Sat, Jun 09, 2012 at 02:34:03PM -0700, Scott Howard wrote:
On Sat, Jun 9, 2012 at 12:12 PM, Wayne E Bouchard <web () typo org> wrote:The main weakness of CVV2 these days is "form history" in browsers. (auto complete).Any website requesting a CVV2 in a form field without the form history/autocomplete being disabled is in breach of PCI compliance, and risks losing their ability to accept credit cards.
And convenience trumps pseudo-security yet again; Chrom(ium) asks me if I want to save my CC details when I put them in (to which I tell it not just "no", but "are you *nuts*?"); presumably this is on forms which include autocomplete=off, since it happens often enough. So I would assume that this PCI compliance tickbox is being ignored by browsers. Whee! - Matt -- Ruby's the only language I've ever used that feels like it was designed by a programmer, and not by a hardware engineer (Java, C, C++), an academic theorist (Lisp, Haskell, OCaml), or an editor of PC World (Python). -- William Morgan
Current thread:
- CVV numbers Hal Murray (Jun 09)
- Re: CVV numbers Lynda (Jun 09)
- Re: CVV numbers Owen DeLong (Jun 09)
- Re: CVV numbers Alexandre Carmel-Veilleux (Jun 09)
- Re: CVV numbers Wayne E Bouchard (Jun 09)
- Re: CVV numbers Barry Shein (Jun 09)
- Re: CVV numbers John Adams (Jun 09)
- Re: CVV numbers Scott Howard (Jun 09)
- Re: CVV numbers Matthew Palmer (Jun 09)
- Re: CVV numbers Owen DeLong (Jun 09)
- Re: CVV numbers Lynda (Jun 09)
- Re: CVV numbers Jimmy Hess (Jun 09)
- Re: CVV numbers Scott Howard (Jun 09)
- Re: CVV numbers Aled Morris (Jun 09)
- Re: CVV numbers Barry Shein (Jun 10)
- Re: CVV numbers Barry Shein (Jun 10)
- Re: CVV numbers Jay Ashworth (Jun 09)
- Re: CVV numbers Owen DeLong (Jun 10)
- Re: CVV numbers Gary Buhrmaster (Jun 10)
- Re: CVV numbers Stephen Sprunk (Jun 09)