Credit Card Security Code (Last 3 digits)

The more I hear about credit card fraud and the way that cc's are used online and over the phone, the more it seems to me that the 'last 3 digit' system is seriously open to abuse. Does anyone, apart from the person holding the card at the time (not necessarily the person who pays the bill!) need access to these 3 numbers? Every single online payment process asks for the last 3 digits, as does the credit card company. You're also asked for it if you place an order by phone. So ... question is, if you rub out those 3 digits and remember them, or write them unobtrusively on your card in code form, will the sky fall on top of you? I suspect not ... ?!!!

Comments

  • peregrin
    peregrin Posts: 112 Forumite
    I think the theory behind it is that it's something else verifiable, i.e. that you have the entire card (rather than a photocopy of the front, for instance!).

    When verifying the card, to increase security, many companies verify either the CVC (last 3 digits) and/or the cardholder's postcode... some do one or the other, some do both, some do neither and respond accordingly. For instance if I type my postcode wrong, some places reject the card and ask me to check the details, and with some it goes through on the nod. Same with the CVC number. It's all automated decision making, I guess.

    I know the intention was that it was something that only you knew, only your card had on it, not written down anywhere else or stored anywhere else (Except the bank's computer system), but as you say with so many companies asking for it, I have no idea what the policy is as to whether companies can store it or not - for instance, for recurring transactions or saved card details, because if they can then there's a possibility of a huge vulnerability there.

    But in answer to your question then you are probably safer rubbing it off and memorising it, in case someone steals your card but asking for it seems to be part of the furniture now, who knows how many companies have that little number stored!
  • DCFC79
    DCFC79 Posts: 40,595
    Name Dropper First Anniversary First Post
    Forumite
    edited 30 July 2009 at 7:12PM
    Ive bought stuff from websites that i have used before do ask for the CVC so on the sites i use its not stored and neither is the card number
  • Thank you ... you've confirmed what I guessed, which is that it's only there as an additional security measure, but since it's printed on the card ... duhhhh? My gut feeling is that the fewer numbers we can all leave for easy access, the better. I think (but may well be wrong) that online/phone transactions give the supplier/retailer my name and address details, but that my card info is secure. Fine, as long as no-one nicks my card, and has the ability to link my name and address to my card number and (in this case) my CVC. (I didn't get it right, did I?, but can't change the title on this post!) Surely, if the card companies expect us to remember our PINs, couldn't they also suggest that we memorise our CVC? Seems so simple to me, I can't understand it.

    For anyone who's reading this and has trouble remembering numbers (and forgive me if this is a 'Teaching Granny To Suck Eggs' message), think of something - a name, place, event or whatever - which has 10 letters in it, none of which are the same. It should be something easy to remember, but nothing that anyone could guess - JOHN SMITHY would work, for instance) Then assign each letter to a number in, for example, your PIN code. Or your CVC, relevant to this thread! You can then quite happily write the letters on your card, and if you ever have to work out your PIN or your CVC, just count through the letters and work out which number in your 'code' it relates to. Simples, as the meerkat would say. So, a PIN code of 2468 would be ONMT. 'ONMT' written on your card would be meaningless to anyone else, but useful to you - as long as you remember the name, place, whatever which is your own personal code. Has to be a safer option than leaving your CVC number available to anyone who might end up with your card number ...
  • DCFC79 wrote: »
    Ive bought stuff from websites that i have used before do ask for the CVC so on the sites i use its not stored and neither is the card number

    I know that most sites are secure, but if you lose your card, or it's stolen ... that's my issue
  • D1zzy
    D1zzy Posts: 1,500 Forumite
    For "card holder not present" transactions ( ie online or telephone) the ability to provide the security digits is supposed to ensure that the person placing the order is in posession of the card. It is illegal for companies to store those digits.
  • D1zzy wrote: »
    For "card holder not present" transactions ( ie online or telephone) the ability to provide the security digits is supposed to ensure that the person placing the order is in posession of the card. It is illegal for companies to store those digits.

    I know ... internet/phone transactions aren't what the thread's about. It's to do with the fact that the CVC's printed on the back of the card, so that if the card is stolen or lost, it means that someone else has the power to use it online. Admittedly, they'd need the cardholder's address, but that's not impossible to find since their name's printed on the face of the card.

    All I was suggesting is that people with cards should memorise their CVC and then erase it from the back of their credit/debit card.
  • Glad I found this thread, as I was wondering about the wisdom of having everything on the card. Still, have to wonder why chip and pin fell out of favour though. Another thought, what's the magnetic strip on the back for these days?
  • username
    username Posts: 649
    First Post First Anniversary
    Forumite
    rayb6379 wrote: »
    Glad I found this thread, as I was wondering about the wisdom of having everything on the card. Still, have to wonder why chip and pin fell out of favour though. Another thought, what's the magnetic strip on the back for these days?
    For places that don't use the chip or when the chip doesn't work!
  • I know ... internet/phone transactions aren't what the thread's about. It's to do with the fact that the CVC's printed on the back of the card, so that if the card is stolen or lost, it means that someone else has the power to use it online. Admittedly, they'd need the cardholder's address, but that's not impossible to find since their name's printed on the face of the card.

    All I was suggesting is that people with cards should memorise their CVC and then erase it from the back of their credit/debit card.

    The CV2 code was introduced to protect the card and cardholder from having their card skimmed at point of sale, with the code itself is not being held on the magnetic stripe. The likelihood of someone using your card after finding it in the street or having stole it is extremely small.
  • taxi97w
    taxi97w Posts: 1,526
    First Anniversary Combo Breaker First Post Photogenic
    Forumite
    I covered my 3 digit number with a sticky piece of paper and the bank teller at the bank said I can't do that!

    I didn't remove it, cause I figured if an in-store person can get your whole card number & expiry dates, like Netto was doing at the time, all the in-store person had to do was look at the 3 digits (easy to remember) and go on an online spending spree!
    more dollar$ than sense
This discussion has been closed.
Meet your Ambassadors

Categories

  • All Categories
  • 341.7K Banking & Borrowing
  • 249.7K Reduce Debt & Boost Income
  • 449.1K Spending & Discounts
  • 233.8K Work, Benefits & Business
  • 606K Mortgages, Homes & Bills
  • 172.5K Life & Family
  • 246.7K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 15.8K Discuss & Feedback
  • 15.1K Coronavirus Support Boards