How Hackers Get Our CVV Numbers | Avast
Kevin Townsend, 11 December 2019

Attention holiday shoppers: The card verification value should never be stored online



The end-of-year online buying season is a bank fraud frenzy. Such fraud used to be committed by criminals using stolen or cloned payment cards in person, in fraudulent card-present (CP) transactions. The introduction of chip-based Europay, Mastercard, and Visa (EMV) cards has changed this: CP fraud is now much more difficult.
In response, criminals have moved to card-not-present (CNP) fraud, a switch to online fraud. Card details can be stolen in bulk from online retailers and then used to purchase goods from other retailers. But it shouldn't be that easy, because cards include a separate number known as the card verification value (CVV).
This is a three-digit (most commonly) or four-digit (on American Express cards) unique number printed on the card. This code is required to complete a transaction – but it should never be stored online. Its purpose is to prove to the retailer that the customer has the card in his or her possession.
The problem is that on the dark web there are huge numbers of card details, described as “fullz,” available for sale from one criminal to another. “Fullz” indicates that everything required for fraudulent transactions is available – including the CVV number.
The question, then, is how criminals obtain these numbers, which should never be stored anywhere on the internet.
Protecting the CVV
Card details are primarily protected by a security standard known as the Payment Card Industry Data Security Standard (PCI DSS, usually just known as PCI). Compliance is required ..