Content deleted Content added
Reverted to revision 258497414 by Agent007bond; Oops. Realized this is the talk page!. (TW) |
Gnomingstuff (talk | contribs) rv WP:NOTFORUM |
||
| (51 intermediate revisions by 39 users not shown) | |||
Line 1:
{{WikiProject
{{WikiProject Business |importance=mid}}
{{WikiProject Numismatics |importance=Low}}
{{WikiProject Finance & Investment|importance=low}}
}}
==Related to actual number?==
Q. Is the CVV2 number related to the actual credit card number? Is it a random number? Or is there some other way that the card issuer selects the CVV2 number to put on a card?
<small><span class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[User:207.233.79.134|207.233.79.134]] ([[User talk:207.233.79.134|talk]] • [[Special:Contributions/207.233.79.134|contribs]]) 23:27, 4 August 2005</span></small><!-- Template:Unsigned -->
A. I don't think MC or Visa require a particular algorithm, so it can be a random number stored in a secure lookup table, or it can be a derived number based on card data using a secret issuer key.
<small><span class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[User:38.112.4.254|38.112.4.254]] ([[User talk:38.112.4.254|talk]] • [[Special:Contributions/38.112.4.254|contribs]]) 21:02, 31 March 2006 </span></small><!-- Template:Unsigned -->
:: The CVV2 is an encryption of the card number and expiry date, under a key known only to the issuing bank. The CVV on the magstripe is similar but the encryption also covers the service code, a value on the magnetic stripe. [[User:Zaian|Zaian]] 10:46, 18 June 2006 (UTC)
::: This isn't an encryption, although it may be a hash. The bank can't recover the card number, no matter how many keys they have, from a mere 3 digits! [[User:Andy Dingley|Andy Dingley]] ([[User talk:Andy Dingley|talk]]) 16:52, 10 June 2008 (UTC)
::::whatismy security code [[Special:Contributions/107.123.53.77|107.123.53.77]] ([[User talk:107.123.53.77|talk]]) 03:57, 4 November 2024 (UTC)
== Security model ==
Q. I would request to provide details on how does CVV verification process work. for example when a user enters his CVV in the payment termina intertface then what verification and validation processes occur in backgroung and the user gets authorized for the transaction. such information would be most appreciated.
[[User:Lavkru|Lavkru]] ([[User talk:Lavkru|talk]]) 09:48, 7 May 2013 (UTC)
I do not quite understand the security model underlying the CVV2. Isn't it the case that credit card numbers are typically obtained by making the user enter them on forged websites or by sniffing network traffic? Now what additional security do I gain if all such transactions will soon require to give the CVV2 as well? The same online methods used for stealing the credit card number can also be used to steal the CVV2.
Line 22 ⟶ 28:
:: See, that is why I just use bill pay services from my bank, no need to talk to a person by phone and provide them with that number, I personally try to avoid giving out my credit card to a company except for a secure website, and I would prefer the companies to not store my credit card as a permanent record and just use it for that one transaction [[User:Quazywabbit|Quazywabbit]] 06:28, 20 May 2006 (UTC)
The CVV2 is just another layer of defence against fraud. If you have generated the card number or gained the card details by skimming you won't have access to the CVV2, reducing the potential for fraud. [[User:Dkam|Dkam]] ([[User talk:Dkam|talk]]) 07:11, 12 July 2009 (UTC)
Question: Is the use of the CVV2 actually implemented at this time? I have been entering 3 random digits for all my online transactions, and so far, they have all been accepted. ([[Special:Contributions/24.66.0.192|24.66.0.192]] ([[User talk:24.66.0.192|talk]]) 21:36, 23 November 2010 (UTC))
== Is it really sure? ==
Line 36 ⟶ 46:
This is a guess, but it seems reasonable.
<small><span class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[User:82.93.59.73|82.93.59.73]] ([[User talk:82.93.59.73|talk]] • [[Special:Contributions/82.93.59.73|contribs]]) 18:18, 21 August 2005</span></small><!-- Template:Unsigned -->
:Well, it is not so dificcult for an employer of a shop (or for the owner of the shop too) to look at the secutity code without being seen as suspicious. On some cards the security code is on the front and in other cases is next to the signaure box on the back of the card (which the merchant has contract right and duty to check at). The code is enought small to be memorized, so there no need to write it down immidiately rising suspicious. Morover in many case I see the teller write down on the credit card recipes many informations (the number of the day selling, and so on). The security code could be written among the same datas without rising souspicious, or it can even be written in a encripten form. if the fraud is made some time later (even months since the card is usually valid for 2 years and all the information needed, including the security code, do not change in the meantime) it would very difficult to track down all the place it was used in the time. And unless the teller is so silly to buy things online and have them sent to his/her postal address, it is very difficult to link among the use of the credit card and a specific sale, when the card was use.
Line 45 ⟶ 55:
[[User:12.205.149.45|12.205.149.45]] 22:54, 3 August 2007 (UTC)
== Location of CVV2 ==
There is an incorrect statement in this article:
Line 64 ⟶ 71:
http://www.ded.co.uk/magnetic-stripe-card-details.html
:CVV1 is stored on the card. CVV2 is not. I think the statement is accurate [[User:Talyian|Talyian]] 16:07, 14 September 2007 (UTC)
:Talyian is correct - CVV1 is on the mag stripe, CVV2 is printed on the card and is not present on the mag stripe. [[User:Dkam|Dkam]] ([[User talk:Dkam|talk]]) 12:39, 12 July 2009 (UTC)
Don't get inforamtion for wikipedia <!-- Template:Unsigned IP --><small class="autosigned">— Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[Special:Contributions/2601:18D:4601:2CD0:F413:6350:E36B:B11D|2601:18D:4601:2CD0:F413:6350:E36B:B11D]] ([[User talk:2601:18D:4601:2CD0:F413:6350:E36B:B11D#top|talk]]) 18:23, 23 March 2019 (UTC)</small> <!--Autosigned by SineBot-->
== History ==
Line 91 ⟶ 100:
::What I mentioned is that a thief physically present with a card does not always have to steal it as normally expected of him. He can simply copy down the card number, CVV2 and other details ''without the knowledge of the cardholder''. Although this kind of memory-based stealing will not allow the thief to make card-swiped transactions, he can still make Internet-based transactions such as purchasing membership access to websites.
::--[[User:Agent007bond|ADTC]] ([[User talk:Agent007bond|talk]]) 03:08, 17 December 2008 (UTC)
::I have scratched my CVV off the signature strip once I was sure I'd remebered it. I know the card is now officially void but it means no one can now read the CVV without my knowledge and use it for online transactions. In what physcial cases could my card now be rejected? The cashier would have to look closely at the back of the card to see the 'void' word which now shows through from underneath the signature strip. [[User:Hrf|hrf]] ([[User talk:Hrf|talk]]) 20:59, 15 May 2009 (UTC)
== What is the Spanish page for this entry? ==
I could not find a Spanish version Wikipedia page for Card Security Code. Can someone please post it here? <span style="font-size: smaller;" class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[Special:Contributions/209.251.128.198|209.251.128.198]] ([[User talk:209.251.128.198|talk]]) 21:50, 9 September 2009 (UTC)</span><!-- Template:UnsignedIP --> <!--Autosigned by SineBot-->
== Amex name for CVV2 is CID/4DBC ==
Amex name for CVV2 is CID/4DBC
4DBC stands for 4 digit batch code, recognising the fact that the security number is 4 digits on the front of the card. Would be good to insert this into the main text
== Reference (3) link is bad ==
Reference 3 to visa rules appears to go to a chargeback information page instead of the rules. Sorry I do not have the time to go searching for it today...[[User:Skaterdad|Skaterdad]] ([[User talk:Skaterdad|talk]]) 00:58, 28 March 2011 (UTC)
== CVV2 hacked! ==
http://www.zeit.de/2011/21/Kreditkarten-Sicherheit (german) <span style="font-size: smaller;" class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[Special:Contributions/84.157.21.179|84.157.21.179]] ([[User talk:84.157.21.179|talk]]) 10:12, 21 May 2011 (UTC)</span><!-- Template:UnsignedIP --> <!--Autosigned by SineBot-->
It has not remotely been hacked. They simply brute forced it by trying authorizations en masse at various websites. The fact that this was allowed to occur means that the card issuers simply were lacking in their fraud detection, I'm sure at this point the issuers simply look for a large amount of attempted authorizations and flag the card. Thus, the CVV is not weakened as a result. You can also brute force card numbers by generating all card numbers that have a valid Luhn check and attempt authorizations on those, but in cases like this the gateway provider would probably alert the store in question. Brute force methods are not a good way to do fraud on a large scale. [[Special:Contributions/98.103.160.18|98.103.160.18]] ([[User talk:98.103.160.18|talk]]) 15:09, 7 April 2017 (UTC)
== Prohibition on recording codes on paper forms ==
The article is correct that security codes are often used for mail transactions, but recording the code on paper is prohibited by all of the credit card companies. Does this deserve its own section in the article? If nothing else, a clarification should be made using the AmEx language: they're for ''real-time'' card-not-present transactions.
This is definitely controversial, as it's an area where common practice stands in opposition to official policy, so I'd like to see some discussion before making any changes.
; Visa
Avoid CVV2 Storage. All merchants are prohibited from storing CVV2 data. When asking a cardholder for CVV2, merchants must not document this information on any kind of paper order form or store it on any database. [Rules for Visa Merchants, 2007, page 12]
; MasterCard
Merchants ... must not store card validation code 2 (CVC 2) data in any manner for any purpose. ... At its discretion, MasterCard may impose a noncompliance assessment of up to USD 100,000 per each individual violation of this Standard, with a maximum aggregate assessment of USD 500,000 for additional or continuing violations during any consecutive 12-month period. [Security Rules and Procedures-Merchant Edition, Section 10.2, July 2009]
; American Express
CID numbers must not be stored for any purpose. They are available for real time Transactions only. [American Express Merchant Reference Guide – U.S., section 5.10, 2009] <small><span class="autosigned">— Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[User:Coloradoauthor|Coloradoauthor]] ([[User talk:Coloradoauthor|talk]] • [[Special:Contributions/Coloradoauthor|contribs]]) 22:21, 16 May 2012 (UTC)</span></small><!-- Template:Unsigned -->
: Its own ''section'', no. A sentence or two summarizing (and sourced to) the above, sure. [[User:Anomie|Anomie]][[User talk:Anomie|⚔]] 01:11, 17 May 2012 (UTC)
== 3 digit CVV on AXP signature panel ==
Have noticed that there is a 3 digit code at the right hand end of the signature panel on my American Express cards (those from AXP itself and those from two other independent issuers). I would imagine that this is for the benefit of procedures or hardware that only allow for a 3 digit CVV. [[User:Scott Sanchez|knoodelhed]] ([[User talk:Scott Sanchez|talk]]) 17:38, 15 October 2013 (UTC)
== External links modified ==
Hello fellow Wikipedians,
I have just modified {{plural:1|one external link|1 external links}} on [[Card security code]]. Please take a moment to review [https://en.wikipedia.org/w/index.php?diff=prev&oldid=749576013 my edit]. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit [[User:Cyberpower678/FaQs#InternetArchiveBot|this simple FaQ]] for additional information. I made the following changes:
*Added archive https://web.archive.org/web/20140424011239/https://www.securesuite.net/cibc/tdsecure/spc_description.jsp?cycfg_affinity=mc to https://www.securesuite.net/cibc/tdsecure/spc_description.jsp?cycfg_affinity=mc
When you have finished reviewing my changes, please set the ''checked'' parameter below to '''true''' or '''failed''' to let others know (documentation at {{tlx|Sourcecheck}}).
{{sourcecheck|checked=false}}
Cheers.—[[User:InternetArchiveBot|'''<span style="color:darkgrey;font-family:monospace">InternetArchiveBot</span>''']] <span style="color:green;font-family:Rockwell">([[User talk:InternetArchiveBot|Report bug]])</span> 01:32, 15 November 2016 (UTC)
== Magnetic stripe? ==
Why is this article primarily talking about magnetic stripes? Surely that is decades-out-of-date tech, replaced by smartcard chips ages ago? Is this article out of date, or are there still some countries (3rd world maybe?) that still use mag stripes? Can this article be updated to primarily refer to chips please? [[User:Evilandi|Andrew Oakley]] ([[User talk:Evilandi|talk]]) 09:50, 30 July 2020 (UTC)
:I may tell a secret to you, but mag stripe is still must to be accepted everywhere. Lol. Unless it is next gen where there is no mag stripe and "Signature is not required" is written. Or if you cannot sign your transaction sheet. [[Special:Contributions/2A00:1FA0:4638:232D:D94:FC02:20D6:E94B|2A00:1FA0:4638:232D:D94:FC02:20D6:E94B]] ([[User talk:2A00:1FA0:4638:232D:D94:FC02:20D6:E94B|talk]]) 08:24, 23 August 2020 (UTC)
::Or if the terminal does not support that. And that is most of modern ones, also if there is no human for example like in automatic kiosks... Both card (as you mentioned) and terminal can say they do not support this method, called signature in cardholder verification process. [[Special:Contributions/109.252.90.66|109.252.90.66]] ([[User talk:109.252.90.66|talk]]) 18:30, 25 March 2021 (UTC)
== Error in text ==
The first sentence says "…is a series of numbers that, in addition to the bank card number, is printed (but embossed) on a credit or debit card." Shouldn't that be "NOT" embossed? [[Special:Contributions/24.16.93.143|24.16.93.143]] ([[User talk:24.16.93.143|talk]]) 04:05, 19 June 2024 (UTC)
| |||