Talk:Card security code: Difference between revisions

Stymiee (talk | contribs)
Reverted to revision 218430600 by Andy Dingley; Removed personal opinion/rant. (TW)
Stymiee (talk | contribs)
Reverted to revision 258497414 by Agent007bond; Oops. Realized this is the talk page!. (TW)
 
It seems like the article should say... <small>—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[Special:Contributions/206.168.188.130|206.168.188.130]] ([[User talk:206.168.188.130|talk]]) 19:02, 26 October 2007 (UTC)</small><!-- Template:UnsignedIP --> <!--Autosigned by SineBot-->
 
== Limitation - Should be obvious ==
 
I understand that CVV2 is designed to verify that the person making "card not present" transactions occurring over the Internet, by mail, fax or over the phone is holding the physical card at the time of transaction. However, CVV2 code is just a 3-4 digit number. Unlike a PIN code or password, the CVV2 code can never be changed.
 
Anyone who can copy the 16-digit credit card number and its expiry month can very easily copy this short code. Once the person has copied the three details, he/she can easily make an Internet transaction or a similar "card not present" transaction even though he may not be holding the physical card. This fraud can be attempted very easily using, for example, a photograph of the back side of credit card. (The photo can be mirrored to reveal the credit card number and expiry date, eliminating the need for a photo of the front side.)
 
Why is this limitation not acknowledged? It is the most serious of all limitations of CVV2 and it's a 'self-defying' limitation. That means, it defeats the very purpose of CVV2, rendering it useless. I think it should be mentioned in the Limitations section.
 
''My suggestion is, the CVV2 code should be sent as a separate document from the Bank, and the user should be requested to memorize the code and destroy the document. For current cards, a strong thin black sticker can be used to cover up the CVV2 code, after the cardholder has memorized it. This will prevent shopkeepers and store cashiers from copying down the CVV2 code.''
 
''I understand my suggestion is not fool-proof as more services are starting to require CVV2 code. However, I believe the legitimate services that require CVV2 code will discard the code and destroy all records once the transaction has been made. It protects against fraud during "card present" signature-based transactions, and against friends or a significant other who are taking a look at your wallet.''
--[[User:Agent007bond|ADTC]] ([[User talk:Agent007bond|talk]]) 15:02, 16 December 2008 (UTC)
 
: Did you read the first bullet point under [[Card Security Code#CVV2 limitations]]? That addresses the limitation in detail, and has been there since at least 2006. As for your proposal, this is not the place for it. You should contact the credit card companies directly if you want anyone with a chance of changing things to see it. [[User:Anomie|Anomie]][[User talk:Anomie|⚔]] 17:07, 16 December 2008 (UTC)
 
::The first bullet point does not address the exact limitation mentioned by me, although it is similar. The point mentions that the phisher has the card number and all details except the CVV2 number, then tricks the cardholder into entering the CVV2 number. Quote: ''There is now also a scam where a phisher has '''already obtained''' the card account number and '''gives''' this information to the victims '''before asking''' for the CVV2.''
 
::What I mentioned is that a thief physically present with a card does not always have to steal it as normally expected of him. He can simply copy down the card number, CVV2 and other details ''without the knowledge of the cardholder''. Although this kind of memory-based stealing will not allow the thief to make card-swiped transactions, he can still make Internet-based transactions such as purchasing membership access to websites.
--[[User:Agent007bond|ADTC]] ([[User talk:Agent007bond|talk]]) 03:08, 17 December 2008 (UTC)