Content deleted Content added
Undid revision 1146182234 by 41.246.26.241 (talk) |
Citation bot (talk | contribs) Add: date. | Use this bot. Report bugs. | Suggested by Anderjef | #UCB_toolbar |
||
Line 60:
Limitations include:
* The use of the CSC cannot protect against [[phishing]] scams, where the cardholder is tricked into entering the CSC among other card details via a fraudulent website. The growth in phishing has reduced the real-world effectiveness of the CSC as an anti-fraud device. There is now also a scam where a phisher has already obtained the card account number (perhaps by hacking a merchant database or from a poorly designed receipt) and gives this information ''to'' the victims (lulling them into a false sense of security) before asking for the CSC (which is all that the phisher needs and the purpose of the scam in the first place).<ref name="snopes">{{cite web|url=http://www.snopes.com/crime/warnings/creditcard.asp |title=Urban Legends Reference Pages: Visa Fraud Investigation Scam |date=23 December 2003 |publisher=Snopes.com |access-date=2011-12-25}}</ref>
* Since the CSC may not be stored by the merchant for any length of time<ref name="visa"/> (after the original transaction in which the CSC was quoted and then authorized), a merchant who needs to regularly bill a card for a regular subscription would not be able to provide the code after the initial transaction. Payment gateways, however, have responded by adding "periodic bill" features as part of the authorization process.
* Some card issuers do not use the CSC. However, transactions without CSC are possibly subjected to higher card processing cost to the merchants,{{citation needed|date=March 2014}} and fraudulent transactions without CSC are more likely to be resolved in favour of the cardholder.{{citation needed|date=June 2014}}
| |||