Talk:Card security code: Difference between revisions

 
It seems like the article should say... <small>—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[Special:Contributions/206.168.188.130|206.168.188.130]] ([[User talk:206.168.188.130|talk]]) 19:02, 26 October 2007 (UTC)</small><!-- Template:UnsignedIP --> <!--Autosigned by SineBot-->
 
== Limitation - Should be obvious ==
 
I understand that CVV2 is designed to verify that the person making "card not present" transactions occurring over the Internet, by mail, fax or over the phone is holding the physical card at the time of transaction. However, the CVV2 code is just a 3-4 digit number. Unlike a PIN code or password, the CVV2 code can never be changed.
 
Anyone who can copy the 16-digit credit card number and its expiry month can very easily copy this short code. Once the person has copied the three details, he/she can easily make an Internet transaction or a similar "card not present" transaction even though he may not be holding the physical card. This fraud can be attempted very easily using, for example, a photograph of the back side of credit card. (The photo can be mirrored to reveal the credit card number and expiry date, eliminating the need for a photo of the front side.)
 
Why is this limitation not acknowledged? It is the most serious of all limitations of CVV2 and it's a 'self-defying' limitation. That means, it defeats the very purpose of CVV2, rendering it useless. I think it should be mentioned in the Limitations section.
 
My suggestion is, the CVV2 code should be sent as a separate document from the Bank, and the user should be requested to memorize the code and destroy the document. For current cards, a strong thin black sticker can be used to cover up the CVV2 code, after the cardholder has memorized it. This will prevent shopkeepers and store cashiers from copying down the CVV2 code.
 
I understand my suggestion is not foolproof as more services are starting to require the CVV2 code. However, I believe the legitimate services that require the CVV2 code will discard the code and destroy all records once the transaction has been made. It protects against fraud during "card present" signature-based transactions, and against friends or a significant other who are taking a look at your wallet.
--[[User:Agent007bond|ADTC]] ([[User talk:Agent007bond|talk]]) 15:02, 16 December 2008 (UTC)