On Jun 9, 2012, at 7:14 AM, Lynda wrote: > On 6/9/2012 12:06 AM, Hal Murray wrote: >> >> In response to my comment about: >> >>> If I'm not supposed to not "tell anyone", why is it even printed where I can >>> read it? >> >> (Sorry for the extra not in there.) > > The CVV number is simply to prove that the card is in your possession. The > percentage of the sale that goes to Amex/Visa/Mastercard/Discover (etc) is > determined by whether the merchant can supply various items, and the CVV is > one of them. Running the card physically (where the merchant touches your > card, and presumably verifies that you are you) gets taxed the lowest. The > CVV is just meant to replace that verification. Sort of. I disapprove > *strongly* of any online merchant that does not request this simple item, but > it's not magic. >
How does having the CVV number prove the card is in my possession? I have memorized the CVV in addition to the 16 digits of the cards I commonly use and routinely enter them into online ordering without retrieving the card. What prevents a fraudster from writing the CVV down along with the other card data? Sure, the CVV (in the case of CVV2) may not be included in the computer-readable mag-stripe or in swipe transactions, but I really don't see how CVV does anything to prove physical possession of the card at the time of the transaction (or at any time, in fact). >> I got an off list suggestion of: >> http://www.cvvnumber.com/ >> >> It looks reasonable. >> >> But then, whois for cvvnumber.com says: > >> Registrant: >> Domains By Proxy, LLC > >> Should I really take them seriously? > > No. No you should not. Here's the canonical Wikipedia entry, for those still > playing along. > > http://en.wikipedia.org/wiki/Luhn_algorithm Luhn seems to apply to the check digit (last of the (usually) 16 digits) on the face of the credit card and not to the CVV value. Owen
