[ale] OT: Security code on Credit/Debit cards

Mike Kachline mkachline at gmail.com
Fri Feb 19 20:49:28 EST 2010


>>> 1. The number on the back of the card usually a 3 digit number, is that 
>>> on the magnetic strip?
>> No.  That would defeat the purpose.  It's for physical verification of
>> the presence and control of the card.  That's not necessary for swipe
>> terminals and wouldn't be verified.

This actually depends on the bank who issued the card. Each credit card
usually contains two "tracks" of data, and, inside of "Track 2" is a
section called "discretionary data" which the bank can put whatever they
want into. Some banks could put the CVV/CID code there.

Of course, your CVV could have been compromised if you ever used it
online. In such a case, the website itself, or even a keystroke logger
on your PC could be suspect.
In your forensics activities, some other clues would be whether the
false purchasers also knew your zipcode and address (two other pieces of
information used to verify cardholder data.) Finally, a little known
piece of information, "address verification" of credit cards
differentiates between whether you have given a five digit zip, or
entire nine digit zip. If, for instance, you never give your full nine
digit zip, and you find that the false purchasers used a nine digit zip,
then, your Address verification (avs) information was probably taken
from places other than a recent credit card transaction that you have made.


   - Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mkachline.vcf
Type: text/x-vcard
Size: 166 bytes
Desc: not available
Url : http://mail.ale.org/pipermail/ale/attachments/20100219/23a1a36c/attachment.vcf 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://mail.ale.org/pipermail/ale/attachments/20100219/23a1a36c/attachment.bin 


More information about the Ale mailing list