Stolen Credit Card CVV/CVC Puzzle

Please note this sub-forum does not provide professional finance advice. You should seek advice from a licensed financial advisor.

To post in this sub-forum you must have made 100 posts or have Trust status or have completed our ID Verification.

If investing please consider our affiliate link for new accounts: Sharesies.

Forums › Finance and wealth management › Stolen Credit Card CVV/CVC Puzzle

1 | 2 | 3 | 4 | 5 | 6

42 posts

Geek

Lifetime subscriber

#3287265 28-Sep-2024 11:25

For subsequent transactions, they send the name/number only.

I recently had a new CC issued, so new expiry date & CVV, but same number. Some places I use for recurring payments sent me emails warning that my CC was about to expire and that I should update my stored details, others did not. Those that did, I updated, those that didnt I waited for them to complain before updating anything. Lotto never noticed, neither did 2degrees.

snj

186 posts

Master Geek

#3287294 28-Sep-2024 13:49

jim69:

For subsequent transactions, they send the name/number only.

I recently had a new CC issued, so new expiry date & CVV, but same number. Some places I use for recurring payments sent me emails warning that my CC was about to expire and that I should update my stored details, others did not. Those that did, I updated, those that didnt I waited for them to complain before updating anything. Lotto never noticed, neither did 2degrees.

From memory, it's recommended these days to use token based systems (Mastercard EU example linked) now for rebilling, instead of storing actual details in full. Seen a few times on Reddit and the likes where people have been caught out by the banks not invalidating registered tokens when replacing lost/stolen/fraudulently used cards, which has allowed continued billing against the account despite a new card getting issued (and potentially not even activated).

Chriellie

1 post

Wannabe Geek

#3293190 5-Oct-2024 15:31

Really interesting
I have some stuff I need to buy, do you want me to try your card out? 😜I'll try using a false number and see if it goes through

SimonGilmour

31 posts

Geek

#3293244 5-Oct-2024 18:42

Chriellie: Really interesting
I have some stuff I need to buy, do you want me to try your card out? 😜I'll try using a false number and see if it goes through

Yeah if you want. I've tried it a couple of times now and it has gone through. The last message the bank sent me - before refusing to respond altogether - was that it depends on the vendor. That some vendors demand the correct CVC number all the time, some need it for the first transaction only, and some don't care. I get the feeling that it is kind of up to the vendor and that they are essentially taking the risk, because if the card is being used fraudulently by someone who doesn't have the CVC number, then they are almost certainly going to have the transaction reversed by the credit card company once the car owner realises it is being used fraudulently and reports it.

SimonGilmour

31 posts

Geek

#3293246 5-Oct-2024 18:57

This is my new card now. I went to town on it. Half serious, half for fun.

Aerial cut to permanently disable paywave
Last 8 digits cut off so can't be used by finder
Expiry date cut out
My name cut out
Customer number cut out
Signature strip scraped off so can't be signed or signature forged - "void"

I believe that a sophisticated fraudsters/skimmer can still find the credit card number as it is encoded on the magnetic strip (not sure if the expiry date is - anyone know?). I won't go to the extent of running a strong magnet along it in case I ever need to use the magnetic swipe on a machine - you know how sometimes the chip doesn't read and you need to do this.

If anyone wants to do any of these things make sure you use a very bright torch to shine through the card so that you know exactly where the aerials/conductors are - some of them are quite close to things you are cutting out. It is also very easy to slip with a razor blade and if you run it over the chip it's the end of the card.

SomeoneSomewhere

1804 posts

Uber Geek

Lifetime subscriber

#3293248 5-Oct-2024 19:10

Would you expect any cashier to accept the card though? I wouldn't be surprised if you had a few spotting the holes and the VOID VOID VOID and refusing it.

boosacnoodle

963 posts

Ultimate Geek

#3293298 5-Oct-2024 19:15

A magstripe reader is a few dollars, if that. All of this is pointless if you don’t wipe the magstripe.

GoodSync

GoodSync. Easily back up and sync your files with GoodSync. Simple and secure file backup and synchronisation software will ensure that your files are never lost (affiliate link).

SimonGilmour

31 posts

Geek

#3293299 5-Oct-2024 19:40

boosacnoodle: A magstripe reader is a few dollars, if that. All of this is pointless if you don’t wipe the magstripe.

Are you saying that the expiry date is encoded on the magnetic strip also?

I doubt most dodgy people would bother to get a reader.

SimonGilmour

31 posts

Geek

#3293300 5-Oct-2024 19:42

SomeoneSomewhere:

Would you expect any cashier to accept the card though? I wouldn't be surprised if you had a few spotting the holes and the VOID VOID VOID and refusing it.

What on earth are you talking about? Several have noticed so far and asked about it. They aren't going to stop you using it in an eftpos machine. If it works it works.

Oblivian

7297 posts

Uber Geek

ID Verified

#3293313 5-Oct-2024 21:02

What on earth are you talking about? Several have noticed so far and asked about it. They aren't going to stop you using it in an eftpos machine. If it works it works.

But they can. "We’re not responsible if a merchant, bank or financial institution won’t accept your ANZ credit card". Right there in the card usage terms.

I'd have imagined, seeing the VOID is exactly that. Given a term of issue/use is that the card be signed by the holder. While remaining the banks property. Effectively willful damaged it, and voiding. Most probably granting them an out of all the other protections.

Are you saying that the expiry date is encoded on the magnetic strip also?

Yep. And by the looks, in some cases the retailer also becomes more liable (EVM Liability shift) by accepting.

"It contains the card number, the customer name, the expiration date, service code, and card verification code (CVC)"

Whereas..

"The contactless card or payment-enabled mobile/wearable device securely transmits information including the account number, expiration date, and a one-time code that changes for every in-person transaction. The code is different than the code encoded on the magnetic stripe of a Visa card."

And why it is encouraged to use that and insert rather than swipe. Also why electronic wallets need to phone-home occasionally as they only store a number of queued transaction ready codes.

richms

28175 posts

Uber Geek

Trusted

Lifetime subscriber

#3293315 5-Oct-2024 21:50

SomeoneSomewhere:

Would you expect any cashier to accept the card though? I wouldn't be surprised if you had a few spotting the holes and the VOID VOID VOID and refusing it.

They never see the card tho? This isnt the backwater US where they walk off with it and clone it and bring you the docket to put the tip amount on and sign for them to only go and change it later on

Richard rich.ms

neb

11294 posts

Uber Geek

Trusted

Lifetime subscriber

#3293320 5-Oct-2024 22:09

SimonGilmour:

Aerial cut to permanently disable paywave
Last 8 digits cut off so can't be used by finder
Expiry date cut out
My name cut out
Customer number cut out
Signature strip scraped off so can't be signed or signature forged - "void"

Having your credit card details lifted from a compromised server or web site: Priceless.

neb

11294 posts

Uber Geek

Trusted

Lifetime subscriber

#3293322 5-Oct-2024 22:14

Oblivian: I'd have imagined, seeing the VOID is exactly that. Given a term of issue/use is that the card be signed by the holder. While remaining the banks property. Effectively willful damaged it, and voiding. Most probably granting them an out of all the other protections.

Some folks at Cambridge Uni ran a study at the time the CC vendors were adding photos to cards to see if anyone paid any attention to them. Result: Nope, no-one checked (this is probably why the photos were discontinued not long afterwards). This spurred others to see what it would take to get a merchant to refuse a card in terms of bogus signatures: Sign it Mickey Mouse, draw a stick figure, mark it with an X, leave it unsigned, makes no difference. If a "signature" that's a drawn stick figure doesn't get noticed I doubt the VOID will either.

SomeoneSomewhere

1804 posts

Uber Geek

Lifetime subscriber

#3293338 5-Oct-2024 23:46

I agree that most merchants aren't checking for defaced cards. But that's not the same as always letting it slide if they notice it by coincidence.

From a few policies:

SmartPay Merchant Agreement: (which is clearly never ever complied with)

The Merchant shall only accept a Card for payment after it has confirmed all of the following (if applicable):

The Card has not been defaced, tampered with or altered in any manner or is not reasonably suspected of being
a counterfeit;
In respect of a Credit Card, it bears the corresponding hologram and the same has not been damaged or blurred;
In respect of a Credit Card, the first four digits of the card number embossed on the card face are the same as
the four-digit number printed immediately above or below
In respect of a Card, it bears the specimen signature of its cardholder at the back and the same has not or is not
reasonably suspected of having been tampered with or altered in any manner
[...]
The Merchant shall not accept the following Cards for use in the System:

A Card without specimen signature of the Cardholder on the back of the Card, or Credit Cards with specimen of
signatures that are unclear or that have been altered.
[...]

ANZ Merchant Agreement:

You must seek prior authorisation [...] the signature panel on the Nominated Card is blank or the signature has
been altered or defaced;

Choice Backpackers:

To qualify for Check-In, You agree to present upon Check-In a hard copy of your Valid ID, the
physical Valid Credit Card used to make the reservation and the reservation confirmation.

Valid Credit Card
Meaning a physical hard copy of a VISA or MASTERCARD credit card, which will not have expired on
the reservation’s Check-Out date, which holds the name of the guest for that reservation, which can
be physically produced for inspection upon check-in, which is signed, which is not defaced, and which
at any time between making the reservation and the check-out date is not blocked, is activated for
international online purchases, and holds funds equal to or in excess of the sum of 2 times the total
amount of the reservation plus NZD 100.00.

My understanding is that needing to see ID and the matching credit card sometimes ends up as part of know-your-customer at hotels and other accommodation. Showing up at a hotel in a different city with an 'invalid' card is about the worst possible time for a receptionist to say they can't accept it.

SimonGilmour

31 posts

Geek

#3293385 6-Oct-2024 00:05

neb:

Having your credit card details lifted from a compromised server or web site: Priceless.

I never use this card online, and online transactions are always turned off.

I have another card which I only use online. All transactions are always turned off on this one and only turned on for a minute or two when I transact online.

1 | 2 | 3 | 4 | 5 | 6