[Message Prev][Message Next][Thread Prev][Thread Next][Message Index][Thread Index]
Re: RFID Flap Silences Security Researchers
In article <460d362c$0$30089$3406c2d1@xxxxxxxxxxxxx>, invalid@xxxxxxxxxxx (Larry) writes:
| I was under the impression that CVV2 was never supposed to be stored.
| Does anyone know if that's a law, a regulation of the credit card
| companies, or what?
I don't know about law or regulation, but any online order site that
requires the CVV2 and that does not validate the transaction in real
time must store it at least for a while. I have used such sites, though
I always use a one-time number that gives me a one-time CVV2 as well.
Something that bothers me about the CVV2 is that the credit card
companies and their proponents make a big point that the owner of
the credit card is the only person who can possibly know the number.
I often explain that anyone to whom I've handed my card, along with
anyone who explicitly requests the CVV2 for a transaction may know it
as well. I get the feeling that the CVV2--as with many "security"
measures--may be more about non-reputability than authentication, i.e.,
it is intended to work against the customer in the event of a dispute.
Given that the CVV2 is not (as yet) used for card-present transactions,
has anyone considered obscuring or obliterating it on the physical card?
Dan Lanciani
ddl@danlan.*com
comp.home.automation Main Index |
comp.home.automation Thread Index |
comp.home.automation Home |
Archives Home