tag:blogger.com,1999:blog-3798604115389836864.post4009888988763072557..comments2024-03-13T13:04:53.453+00:00Comments on IT Security Expert Blog: Woolworths Credit Card BlunderSecurityExperthttp://www.blogger.com/profile/02816379340772195492noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-3798604115389836864.post-51501732416425236972009-02-17T14:32:00.000+00:002009-02-17T14:32:00.000+00:00Sure it's a big deal whether the CVV2 (3/4 digit) ...Sure it's a big deal whether the CVV2 (3/4 digit) security code was included in the Woolworth payment card details, but even if the security code isn't there, there is still enough information to commit fraud.<BR/><BR/>Not all retail websites request or are properly checking the security digit code. In July 2007 a report stated around half of the top online retailer weren't asking for the security code, http://www.getelastic.com/ecommerce-checkout-report/credit-card-verification/ while I've heard some online retailers which do request the code aren't even checking it's valid.<BR/><BR/>Sure the numbers of online retailers checking the security code has increased in the last 18 months, however it's still possible to find and buy at online retailers (esp. sourced from other countries) just using full credit card number (PAN), expiry date, name and perhaps the address.<BR/><BR/>Another angle fraudster takes, is to use the existing information they have to "phish" the the CVV number from the cardholder.SecurityExperthttps://www.blogger.com/profile/02816379340772195492noreply@blogger.com