[Message Prev][Message Next][Thread Prev][Thread Next][Message Index][Thread Index]

Re: RFID Flap Silences Security Researchers



In article <460d362c$0$30089$3406c2d1@xxxxxxxxxxxxx>, invalid@xxxxxxxxxxx (Larry) writes:

| I was under the impression that CVV2 was never supposed to be stored.
| Does anyone know if that's a law, a regulation of the credit card
| companies, or what?

I don't know about law or regulation, but any online order site that
requires the CVV2 and that does not validate the transaction in real
time must store it at least for a while.  I have used such sites, though
I always use a one-time number that gives me a one-time CVV2 as well.

Something that bothers me about the CVV2 is that the credit card
companies and their proponents make a big point that the owner of
the credit card is the only person who can possibly know the number.
I often explain that anyone to whom I've handed my card, along with
anyone who explicitly requests the CVV2 for a transaction may know it
as well.  I get the feeling that the CVV2--as with many "security"
measures--may be more about non-reputability than authentication, i.e.,
it is intended to work against the customer in the event of a dispute.

Given that the CVV2 is not (as yet) used for card-present transactions,
has anyone considered obscuring or obliterating it on the physical card?

				Dan Lanciani
				ddl@danlan.*com


comp.home.automation Main Index | comp.home.automation Thread Index | comp.home.automation Home | Archives Home