nanog mailing list archives
Re: CVV numbers
From: Scott Howard <scott () doc net au>
Date: Sat, 9 Jun 2012 14:42:11 -0700
On Sat, Jun 9, 2012 at 2:25 PM, Jimmy Hess <mysidia () gmail com> wrote:
Someone must have something in a database that can easily derive the CVV2 number;
There is no way to "derive" the CVV2 number. It is little more than a random number assigned to the card.
otherwise there would be no way for it to be verified that the correct number has
It is verified by comparing it to the known CVV2 number stored by the credit card company/bank that issued the card.
I bet there is at least one small retailer out there who takes phone orders and gathers CVV2, and at least one POS software developer out there who is unaware of, has ignored, or has intentionally/unintentionally disobeyed the rule about never storing CVV2 values in a database,
Gathering CVV2 number over the phone is completely valid. It's even valid to write them down, as long as they are destroyed as soon as the transaction has been completed. Of course there are people that disobey/ignore/don't know the rules - no level of security will ever be perfect in this regards - it's all about making the security better and reducing the rate of fraud/chargebacks.
In other words CVV2 is a "weak" physical "proof" mechanism that only works if all parties involved obey the rules perfectly without error,
Correct. It's a "weak" physical "proof" mechanism that has succeed in having a very significant reduction in fraudulent transactions/chargebacks across pretty much the entire industry. Remind me again what your point was? Scott
Current thread:
- CVV numbers Hal Murray (Jun 09)
- Re: CVV numbers Lynda (Jun 09)
- Re: CVV numbers Owen DeLong (Jun 09)
- Re: CVV numbers Alexandre Carmel-Veilleux (Jun 09)
- Re: CVV numbers Wayne E Bouchard (Jun 09)
- Re: CVV numbers Barry Shein (Jun 09)
- Re: CVV numbers John Adams (Jun 09)
- Re: CVV numbers Scott Howard (Jun 09)
- Re: CVV numbers Matthew Palmer (Jun 09)
- Re: CVV numbers Owen DeLong (Jun 09)
- Re: CVV numbers Lynda (Jun 09)
- Re: CVV numbers Jimmy Hess (Jun 09)
- Re: CVV numbers Scott Howard (Jun 09)
- Re: CVV numbers Aled Morris (Jun 09)
- Re: CVV numbers Barry Shein (Jun 10)
- Re: CVV numbers Barry Shein (Jun 10)
- Re: CVV numbers Jay Ashworth (Jun 09)
- Re: CVV numbers Owen DeLong (Jun 10)
- Re: CVV numbers Gary Buhrmaster (Jun 10)
- Re: CVV numbers Stephen Sprunk (Jun 09)
- Re: CVV numbers Scott Howard (Jun 09)