[ale] OT: Security code on Credit/Debit cards

Michael B. Trausch mike at trausch.us
Sat Feb 20 12:28:18 EST 2010


On 02/19/2010 07:33 PM, Michael H. Warfield wrote:
> Given the description, it does sound like physical card skimming and it
> would be someone who did more than just scan your card and hand it back
> to you.  I would first suspect anywhere you allowed the card out of your
> control (think restaurants and paying your check) would be the prime
> candidate.  Check-out lines and registers in stores are much less
> likely, although they did catch one person in NY one year double swiping
> cards.  They would have to read the CVV number while verifying your
> signature.  Fake card readers and fake facades at places like gas
> stations are not unheard of but are highly unlikely if they had your
> CVV.  You could put a little spot of black paint or tape over the CVV
> after noting it to yourself and then never let that card out of your
> sight.

I was pretty much under the impression that CVV/CVC were pretty much the 
worst form of security ever, roughly equivalent to no security at all. 
Some vendors will require the code in-person, (say, when you cannot 
swipe the card for whatever reason to "prove" that the card was present 
during the transaction---I'd rather imprint it myself, but hey, that's 
just me) or online vendors will (against the rules of their card holding 
agreement) store CVV/CVC codes in their own databases.

After all, it's only 10-14 extra bits of data associated with the card.

	--- Mike

-- 
Michael B. Trausch                                    ☎ (404) 492-6475


More information about the Ale mailing list