[153640] in North American Network Operators' Group
Re: CVV numbers
daemon@ATHENA.MIT.EDU (Stephen Sprunk)
Sat Jun 9 14:37:54 2012
Date: Sat, 09 Jun 2012 13:35:31 -0500
From: Stephen Sprunk <stephen@sprunk.org>
To: nanog@nanog.org
In-Reply-To: <35332AB4-0FB4-4CF1-A73C-6CB4A737B472@antelope.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
This is a cryptographically signed message in MIME format.
--------------ms080307010005060409020107
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On 09-Jun-12 09:14, Joel Maslak wrote:
> On Jun 9, 2012, at 1:06 AM, Hal Murray <hmurray@megapathdsl.net> wrote:=
>> Should I really take them seriously?
> Your call.
>
> That said, the purpose of CVV is to stop *one* type of fraud - it's to =
stop a skimmer from being able to do mail-order/internet-order with your =
card number. The CVV is not on the magnetic strip, so a skimmer installe=
d at the ATM or gas pump won't be able to capture it.
This is CVV2; it is printed (but not embossed) on the card but not on
the magstripe. This is requested by online merchants to "prove" that
the card is in the customer's possession, since it won't show up on
carbons, receipts, etc. and in theory will never be stored by any
merchant (unlike the account number, expiration date, etc.). .
> There's a similar value on the magnetic strip that keeps the internet s=
ite you gave your card number and CVV to from being able to print cards a=
nd use them at the gas pump.
This is CVV1; it is on the magstripe but not printed on the card; this
is how brick-and-mortar merchants can "prove" that your card was in the
merchant's possession ("card present"), i.e. swiped rather than entered
by hand.=20
> Certainly they don't stop all fraud. They stop one type of fraud.
The two codes are targeted at very different types of fraud. What they
have in common is that submitting either a CVV1 or CVV2 number enables
merchants to get a better discount rate on their transactions. Given
the low margins in many industries, this can make the difference between
making a profit and losing money on a sale, which is why many merchants
refuse transactions without CVV1 or CVV2. Merchants in industries with
higher margins often don't care; they'll submit CVV1 or CVV2 when
convenient, but they won't let not having them block the sale.
S
--=20
Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking
--------------ms080307010005060409020107
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIFNjCC
BTIwggMaoAMCAQICAwuIVDANBgkqhkiG9w0BAQUFADB5MRAwDgYDVQQKEwdSb290IENBMR4w
HAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmlu
ZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZzAeFw0xMjAz
MjcxOTQ4NTdaFw0xMjA5MjMxOTQ4NTdaMD0xGDAWBgNVBAMTD0NBY2VydCBXb1QgVXNlcjEh
MB8GCSqGSIb3DQEJARYSc3RlcGhlbkBzcHJ1bmsub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA1qAUmWE5Nv/9HFl7f52VrEoGqhbYG1rPE7go13pSxgUBi02iDNKyDTJH
b/CswpO/FE9p34QbUlnOXY3LRrLh+/NaS496breDA8mRKCceNHIPaiK3Mwpl0q787WQalrp9
mBV2jKHobOMOWbtNiuYSq6k4qfqIvFJvGOsgizcqeMjjLyR8GimjGCQYuH2o970PhlNidpAj
mVMCBehc3RhjmevEn4ydIL7j0bmFj9YuLxaoISq6icdh7VFxqAzdEbHhQHKp1N8aNq5yhcWD
M//Bq8MpMd1+zNse/pVc7/42G5iArYkImUbu/P48PgR8ZX9D59hJxP7kRyKVT9dbTNkh4wID
AQABo4H+MIH7MAwGA1UdEwEB/wQCMAAwVgYJYIZIAYb4QgENBEkWR1RvIGdldCB5b3VyIG93
biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSBoZWFkIG92ZXIgdG8gaHR0cDovL3d3dy5DQWNlcnQu
b3JnMEAGA1UdJQQ5MDcGCCsGAQUFBwMEBggrBgEFBQcDAgYKKwYBBAGCNwoDBAYKKwYBBAGC
NwoDAwYJYIZIAYb4QgQBMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL29j
c3AuY2FjZXJ0Lm9yZzAdBgNVHREEFjAUgRJzdGVwaGVuQHNwcnVuay5vcmcwDQYJKoZIhvcN
AQEFBQADggIBAD8tqTvu2ZrBGK01AFSzf0BYcYNXMRwK8XqWQpeJwo2+s+GSsrukNEEn2mNn
RLIF879e/7dmLoCVKkWXqhn/L9BdWTquRHuAQqokyddekrKFP7yNabXUOVD4dxkzgGc/pD70
7uj5pfIAqx7/JYUPdCgWtX91gtxN3CVmUUAKcewA/xXJy1VPZVR3q6aP9K/4x4Qir06xVtZm
BApKc4s5zaD8b8CLxFhKDw/NUymby1OKjSS7h5JhPsdOOqm6JeGHKRhL3tGFv5ObUTK4ABz8
LF2rtpx/h+eRMP0CxQaI50fz8H0fDMBo4ztsdEAmp9lh0F9CyCYAkt3qLhXFDvX2lOGqmB4f
4Q4/atUCqZnUA/4hZGC0PKgwTOSztFvPlAGtb/S7NeAhv3x6HTMsIP+yanB8/HBJtZXariH3
D2fpUibEFCPubaVSciPKEpI/Lv+BtQ7FmsbQqTV+iHovbQYZ/UcFtfjIcBCnQJjGmk3V5nsE
0p+Aw/IiHUoYwZD+TjaaBBGNJnFaQosQtwy44jwURIb+Lb1/ditqIlXobV9ShzAApuHc3g9R
CPjrmVlEDaLaG/82L92QqE84CrUfUWNqMqtDskQtizkD1ju8sfH9NJHLYolpbUlPJrWCW/8z
Cl25O3uLZMn8gc6egClBfIm+jGZuSQ9sohcX4hw1jg7wK1guMYIDlDCCA5ACAQEwgYAweTEQ
MA4GA1UEChMHUm9vdCBDQTEeMBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYD
VQQDExlDQSBDZXJ0IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0
QGNhY2VydC5vcmcCAwuIVDAJBgUrDgMCGgUAoIIB6DAYBgkqhkiG9w0BCQMxCwYJKoZIhvcN
AQcBMBwGCSqGSIb3DQEJBTEPFw0xMjA2MDkxODM1MzFaMCMGCSqGSIb3DQEJBDEWBBSd8nyl
LQs5tseED+gexq6feIx0hzBfBgkqhkiG9w0BCQ8xUjBQMAsGCWCGSAFlAwQBAjAKBggqhkiG
9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcN
AwICASgwgZEGCSsGAQQBgjcQBDGBgzCBgDB5MRAwDgYDVQQKEwdSb290IENBMR4wHAYDVQQL
ExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmluZyBBdXRo
b3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZwIDC4hUMIGTBgsqhkiG
9w0BCRACCzGBg6CBgDB5MRAwDgYDVQQKEwdSb290IENBMR4wHAYDVQQLExVodHRwOi8vd3d3
LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkq
hkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZwIDC4hUMA0GCSqGSIb3DQEBAQUABIIBAG8t
78FOoYzuUC0bqZ1iRbaFmxx0v5CMRDEr8mDFDr4eV4Ddf8wujHHDNvOOBzbvSNKO3RjHiVZ/
HAKkeNpnoAhATzgNRWzWj7/vTuYoIFoN8+QYZWXuDIqOEVhNFDx3RjgHg9iTyMD1domkSNqE
7w4M5yHtg6pMwzdzFtWsl78RleYQF0Zr1auXwIg5UPDX22QmU7C3VCtNzf4IyLwD/iSybOQB
fsXZRbxQFfPijUzISZJsBYnRCQtHlu85Wd9ZdrKEum2Rv6xcU6X7FfMmKcvhd/GctfylbvYf
Ua+N/pauS8u1tuOe1QaH5D49aZfP+9i9iQEXItiV6NWiOfDj7BgAAAAAAAA=
--------------ms080307010005060409020107--
