nanog mailing list archives

RE: bloomberg on supermicro: sky is falling


From: bzs () theworld com
Date: Wed, 10 Oct 2018 13:24:41 -0400


On October 10, 2018 at 15:55 SNaslund () medline com (Naslund, Steve) wrote:
> The entire point of the CVV has become useless.  Recently my wife was talking
> to an airline ticket agent on the phone (American Airlines) and one of the
> things they ask for on the phone is the CVV.  If you are going to read that all
> out over the phone with all the other data you are completely vulnerable to
> fraud.  It would be trivial to implement a system where you make a charge over
> the phone like that and get a text asking you to authorize it instead of asking
> for a CVV.

I'm pretty sure the "entire point" of inventing CVV was to prove you
physically have the card.

For example, someone dumpster-diving a restaurant etc., particularly in
the old imprint days when this was dreamed up, wouldn't have the CVV, or
at least not from that source.

Many merchant contracts' fees are based on whether you do sales on
physical cards (lower) vs not like online. I don't know off-hand how
that's affected by verifying the CVV online, I suspect it's mostly
used online to avoid certain kinds of fraud for all the other reasons.

We're very careful with CVVs as per contract agreement and they don't
go near the database, only used during the verification and gone when
the app fork exits.

Credit card fraud is, to the processors, a game of percentages and
cost/benefit.

Sure, one could have the CVV w/o the card; these days a big hazard is
service people (e.g., restaurants) who can trivially snap both sides
of your card with their phone. They often take your card away and come
back later with the receipts and your card.

In Europe and probably elsewhere it's very common for them to process
your card with a hand-held device right in front of you which would
make that more difficult.

But any proposal to improve cc security has to reflect the
cost/benefit across millions of transactions. If one isn't working
with that data then they're only guessing.

-- 
        -Barry Shein

Software Tool & Die    | bzs () TheWorld com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*

