[153654] in North American Network Operators' Group
Re: CVV numbers
daemon@ATHENA.MIT.EDU (Scott Howard)
Sat Jun 9 17:34:38 2012
In-Reply-To: <20120609191238.GA76757@wakko.typo.org>
Date: Sat, 9 Jun 2012 14:34:03 -0700
From: Scott Howard <scott@doc.net.au>
To: Wayne E Bouchard <web@typo.org>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sat, Jun 9, 2012 at 12:12 PM, Wayne E Bouchard <web@typo.org> wrote:

> The main weakness of CVV2 these days is "form history" in browsers.
> (auto complete).

Any website requesting a CVV2 in a form field without the form
history/autocomplete being disabled is in breach of PCI compliance, and
risks losing their ability to accept credit cards.

That's not to say there aren't some that do it, but to call this the "main
weakness" of CVV2 is simply wrong.

Scott
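
A check for the condition described in this message, as an added example that is not part of the original post: it scans HTML for security-code inputs whose effective autocomplete setting (on the field, or inherited from the enclosing form) is not "off". The field-name pattern and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed naming heuristic for security-code fields; adjust to your own forms.
CVV_NAME = re.compile(r"cvv|cvc|csc|security.?code", re.I)

# Constructed sample markup (not taken from any real site).
SAMPLE = """
<form action="/pay" method="post">
  <input type="text" name="card_number" autocomplete="off">
  <input type="text" name="cvv2">
</form>
<form action="/pay2" method="post" autocomplete="off">
  <input type="password" id="securityCode">
  <input type="text" name="cvc" autocomplete="cc-csc">
</form>
"""

class CvvAutocompleteAudit(HTMLParser):
    """Collect CVV-like <input> fields whose autocomplete is not disabled."""

    def __init__(self):
        super().__init__()
        self.form_autocomplete = None  # setting of the enclosing <form>, if any
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip().lower() for k, v in attrs}
        if tag == "form":
            self.form_autocomplete = a.get("autocomplete")
        elif tag == "input" and a.get("type", "text") != "hidden":
            label = " ".join(a.get(k, "") for k in ("name", "id", "autocomplete"))
            if not CVV_NAME.search(label):
                return
            # The input's own attribute overrides the form-level setting.
            effective = a.get("autocomplete", self.form_autocomplete)
            if effective != "off":
                self.findings.append((a.get("name") or a.get("id"), effective))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_autocomplete = None

def audit(html):
    """Return (field, effective_autocomplete) for each field to review."""
    parser = CvvAutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for field, setting in audit(SAMPLE):
        print(f"review: {field!r} has autocomplete={setting!r}")
```
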