nanog mailing list archives
RE: bloomberg on supermicro: sky is falling
From: bzs () theworld com
Date: Wed, 10 Oct 2018 13:24:41 -0400
On October 10, 2018 at 15:55 SNaslund () medline com (Naslund, Steve) wrote:
The entire point of the CVV has become useless. Recently my wife was talking to an airline ticket agent on the phone (American Airlines) and one of the things they ask for on the phone is the CVV. If you are going to read that all out over the phone with all the other data you are completely vulnerable to fraud. It would be trivial to implement a system where you make a charge over the phone like that and get a text asking you to authorize it instead of asking for a CVV.
I'm pretty sure the "entire point" of inventing CVV was to prove you physically have the card. For example someone dumpster-diving a restaurant etc particularly in the old imprint days when this was dreamed up wouldn't have the CVV or at least not from that source. Many merchant contracts' fees are based on whether you do sales on physical cards (lower) vs not like online. I don't know off-hand how that's affected by verifying the CVV online, I suspect it's mostly used online to avoid certain kinds of fraud for all the other reasons. We're very careful with CVVs as per contract agreement and they don't go near the database, only used during the verification and gone when the app fork exits. Credit card fraud is, to the processors, a game of percentages and cost/benefit. Sure one could have the CVV w/o the card, these days a big hazard are service people (e.g., restaurants) who can trivially snap both sides of your card with their phone, they often take your card away and come back later with the receipts and your card. In Europe and probably elsewhere it's very common for them to process your card with a hand-held device right in front of you which would make that more difficult. But any proposal to improve cc security has to reflect the cost/benefit across millions of transactions. If one isn't working with that data then they're only guessing. -- -Barry Shein Software Tool & Die | bzs () TheWorld com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
Current thread:
- Re: bloomberg on supermicro: sky is falling, (continued)
- Re: bloomberg on supermicro: sky is falling Daniel Taylor (Oct 08)
- Re: bloomberg on supermicro: sky is falling Alfie Pates (Oct 09)
- Re: bloomberg on supermicro: sky is falling Saku Ytti (Oct 10)
- RE: bloomberg on supermicro: sky is falling Naslund, Steve (Oct 10)
- Re: bloomberg on supermicro: sky is falling Brian Kantor (Oct 10)
- RE: bloomberg on supermicro: sky is falling Naslund, Steve (Oct 10)
- Re: bloomberg on supermicro: sky is falling David Hubbard (Oct 10)
- RE: bloomberg on supermicro: sky is falling Naslund, Steve (Oct 10)
- Re: bloomberg on supermicro: sky is falling Alain Hebert (Oct 10)
- RE: bloomberg on supermicro: sky is falling Naslund, Steve (Oct 10)
- RE: bloomberg on supermicro: sky is falling bzs (Oct 10)
- RE: bloomberg on supermicro: sky is falling Naslund, Steve (Oct 10)
- RE: bloomberg on supermicro: sky is falling bzs (Oct 10)
- Re: bloomberg on supermicro: sky is falling Bjørn Mork (Oct 12)
- CVV (was: Re: bloomberg on supermicro: sky is falling) Robert Kisteleki (Oct 11)
- Re: CVV (was: Re: bloomberg on supermicro: sky is falling) Scott Christopher (Oct 11)
- Re: CVV (was: Re: bloomberg on supermicro: sky is falling) bzs (Oct 11)
- Re: CVV (was: Re: bloomberg on supermicro: sky is falling) Chris Adams (Oct 11)
- CVV (was: Re: bloomberg on supermicro: sky is falling) bzs (Oct 11)
- RE: bloomberg on supermicro: sky is falling Naslund, Steve (Oct 10)
- Re: bloomberg on supermicro: sky is falling Brian Kantor (Oct 10)