Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Please note this sub-forum does not provide professional finance advice. You should seek advice from a licensed financial advisor. If investing please consider our affiliate links for new accounts: Sharesies or Hatch. To post in this sub-forum you must have made 100 posts or have Trust status or have completed our ID Verification



ToPGuNZ

312 posts

Ultimate Geek

Lifetime subscriber

#129495 18-Sep-2013 08:44
Send private message

Over the past few months I have been asked by businesses over the phone to give out the following credit card information.

Card number.
Expiry Date.
Name.
3 digit security number.

I have declined each time and said I was very uncomfortable giving out all this info especially the 3 digit number over the phone. They seemed very surprised so I wonder how much this is now going on.

Am I correct in the assumption that once a person has all this info they could go to any website and order what they please? I cannot think of anything else they need that would stop them placing orders. I will keep saying no but wonder when it will start becoming a problem and the card manufacturers have to come up with another new security measure.

Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3
Affiliate link
 
 
 

Affiliate link: MyHeritage DNA test kit helps you discover your ethnicity results, DNA genetic groups, family relatives.
tardtasticx
3032 posts

Uber Geek


  #897335 18-Sep-2013 08:52
Send private message

What makes them different to websites? Websites could still harvest that information if you weren't paying attention, and then use that to buy whatever they want also. It's the risk you take by having a credit card. Other alternatives would be cheques or a virtual disposable credit card.




Bachelor of Computing Systems (2015)

 

--

 

Late 2013 MacBook Pro with Retina Display (4GB/2.4GHz i5/128GB SSD) - HP DV6 (8GB/2.8GHz i7/120GB SSD + 750GB HDD)
iPhone 6S + (64GB/Gold/Vodafone NZ) - Xperia Z C6603 (16GB/White/Spark NZ)

Sam, Auckland 


Inphinity
2701 posts

Uber Geek

Subscriber

  #897337 18-Sep-2013 08:54
Send private message

Lots of places online still don't need the CVV, so even giving out the other info is plenty for them to go shopping if they were so inclined. However, most places should be doing some form of address verification if they don't use CVV (and quite a few even if they do).

At the end of the day, no security measure is going to be completely effective when companies require you to provide all the billing-required details over the phone, at least not without severely impacting the convenience of the payment method.

I simply don't deal with companies that require me to give card details via phone/fax/post - give me a link to your secure site where I can enter them, thanks.


SaltyNZ
6186 posts

Uber Geek

Trusted
Lifetime subscriber

  #897338 18-Sep-2013 08:54
Send private message

Well, yes, they do need that information in order to process a transaction. How else do you expect it to happen? Now, if they are *storing* it, then there are very strict rules in place to protect it. They may not be storing it, and instead passing it to a payment processor and then deleting it. (If the payment processor stores it, then *they* have to comply with the rules).

But the bottom line is, if you want to pay by credit card over the phone, then you need to give somebody your credit card details. If you don't want to tell it to a person on the phone, then don't.




iPad Pro 11" + iPhone XS + 2degrees 4tw!

 

These comments are my own and do not represent the opinions of 2degrees.




SaltyNZ
6186 posts

Uber Geek

Trusted
Lifetime subscriber

  #897339 18-Sep-2013 08:55
Send private message

Inphinity: Lots of places online still don't need the CVV, so even giving out the other info is plenty for them to go shopping if they were so inclined. However, most places should be doing some form of address verification if they don't use CVV (and quite a few even if they do).

At the end of the day, no security measure is going to be completely effective when companies require you to provide all the billing-required details over the phone, at least not without severely impacting the convenience of the payment method.

I simply don't deal with companies that require me to give card details via phone/fax/post - give me a link to your secure site where I can enter them, thanks.



IIRC, CVV isn't mandatory to process a transaction, but if supplied it must be correct. I believe CVV is not subject to check-digit rules like the credit card number itself, and is a truly random 3 digit number.




iPad Pro 11" + iPhone XS + 2degrees 4tw!

 

These comments are my own and do not represent the opinions of 2degrees.


ToPGuNZ

312 posts

Ultimate Geek

Lifetime subscriber

  #897340 18-Sep-2013 08:56
Send private message

I feel safer using websites. Giving it to a person who is writing it down on a piece of paper seems very unsafe. I suppose it is all a matter of risk avoidence/acceptance.

johnr
19282 posts

Uber Geek
Inactive user


  #897343 18-Sep-2013 08:57
Send private message

Bit OTT they require this number

Kyanar
3436 posts

Uber Geek

Trusted
Subscriber

  #897344 18-Sep-2013 08:58
Send private message

The CVV isn't even required to make a purchase. The requirement is that if it's provided, that it be correct. However if the CVV isn't provided by the merchant then the transaction will be accepted anyway. Certain classes of merchant can even charge an expired credit card!

You're not doing yourself any favours refusing to hand that info to businesses with whom you are transacting to be honest. Any business with a merchant account is required to abide by strict data security standards (PCI) and if they do steal your number you are not liable for any fraudulent transactions anyway.

That's on top of the fact that banks monitor transactions anyway and if they detect usage which doesn't match your "profile" they will block your card and contact you.

If you trust the company enough to do business with them, there's really no point in refusing to hand them your card information.



Handsomedan
4691 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #897345 18-Sep-2013 08:59
Send private message

ToPGuNZ: I feel safer using websites. Giving it to a person who is writing it down on a piece of paper seems very unsafe. I suppose it is all a matter of risk avoidence/acceptance.

You'd be surprised at how security varies on small merchants' websites.

Not a lot safer online than over the phone, IMO....






Handsome Dan Has Spoken.
Handsome Dan needs to stop adding three dots to every sentence...

 

Handsome Dan does not currently have a side hustle as the mascot for Yale 

 

 

 

*Gladly accepting donations...


sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #897346 18-Sep-2013 08:59
Send private message

ToPGuNZ:  I will keep saying no but wonder when it will start becoming a problem and the card manufacturers have to come up with another new security measure.


This is exactly how card not present transactions with credit cards have worked for the last 30 odd years. I doubt anything will change anytime soon, except for the fact card not present transactions are declining rapidly.

At the end of the day giving your CVV number is no more insecure that giving your card number over the phone or handing your physical card to somebody in a store to insert into their terminal.



Kyanar
3436 posts

Uber Geek

Trusted
Subscriber

  #897348 18-Sep-2013 09:02
Send private message

Inphinity: Lots of places online still don't need the CVV, so even giving out the other info is plenty for them to go shopping if they were so inclined. However, most places should be doing some form of address verification if they don't use CVV (and quite a few even if they do).

At the end of the day, no security measure is going to be completely effective when companies require you to provide all the billing-required details over the phone, at least not without severely impacting the convenience of the payment method.

I simply don't deal with companies that require me to give card details via phone/fax/post - give me a link to your secure site where I can enter them, thanks.



Side note: in a lot of cases, when you enter your credit card number on the website, all that happens is that it gets automatically faxed/printed for a human to enter manually in their POS terminal.  This is the case with pizza places (Hell Pizza the lone exception, as they have an online merchant account and process the transaction when you enter the number) and a lot of hotel booking sites (booking.com is one example).  So really there's no real benefit to being all "nope, only entering it online" either.

SaltyNZ: Well, yes, they do need that information in order to process a transaction. How else do you expect it to happen? Now, if they are *storing* it, then there are very strict rules in place to protect it. They may not be storing it, and instead passing it to a payment processor and then deleting it. (If the payment processor stores it, then *they* have to comply with the rules).

But the bottom line is, if you want to pay by credit card over the phone, then you need to give somebody your credit card details. If you don't want to tell it to a person on the phone, then don't.


Also, merchants are required to not store the 3 digit CVV code.  But it's not required for a transaction anyway.  Catch-22.

Inphinity
2701 posts

Uber Geek

Subscriber

  #897362 18-Sep-2013 09:09
Send private message

SaltyNZ:

IIRC, CVV isn't mandatory to process a transaction, but if supplied it must be correct. I believe CVV is not subject to check-digit rules like the credit card number itself, and is a truly random 3 digit number.


Correct.

I feel safer using websites. Giving it to a person who is writing it down on a piece of paper seems very unsafe. I suppose it is all a matter of risk avoidence/acceptance.


If they are taking the CVV, they should not be hand writing it on paper (imo). If they are, there must be strict processes in place to destroy the paper in an unreadable, non-recoverable manner immediately after the transaction is completed. Merchants may not store, even if encrypted, a CVV, full magstripe data, or the PIN block, after the transaction is completed (this includes on audio recordings of a phone call, btw).

In nearly all cases, the call taker should be entering the details directly in to their internal billing system(s) in a secure manner.

Kyanar:
Side note: in a lot of cases, when you enter your credit card number on the website, all that happens is that it gets automatically faxed/printed for a human to enter manually in their POS terminal.


Yes, that's true in some cases, it's just personal preference for me to do this than verbally provide all the details over the phone for a number of reasons.

Geektastic
16710 posts

Uber Geek

Trusted
Lifetime subscriber

  #897395 18-Sep-2013 09:27
Send private message

ToPGuNZ: Over the past few months I have been asked by businesses over the phone to give out the following credit card information.

Card number.
Expiry Date.
Name.
3 digit security number.

I have declined each time and said I was very uncomfortable giving out all this info especially the 3 digit number over the phone. They seemed very surprised so I wonder how much this is now going on.

Am I correct in the assumption that once a person has all this info they could go to any website and order what they please? I cannot think of anything else they need that would stop them placing orders. I will keep saying no but wonder when it will start becoming a problem and the card manufacturers have to come up with another new security measure.


Are credit card companies not liable for fraudulent use where you are not at fault? They are in the UK.





Inphinity
2701 posts

Uber Geek

Subscriber

  #897402 18-Sep-2013 09:32
Send private message

Geektastic:
Are credit card companies not liable for fraudulent use where you are not at fault? They are in the UK.


Mastercard and Visa both provide zero liability fraud protection to the consumer (I believe both exclude business cards from this... they used to, anyway, but this may have changed) provided you have taken all reasonable steps to protect your card data and that you notify then as soon as possible once you are made aware of either the fraud or the degradation of card security (e.g., card is lost). I believe both waive this protection if the fraudulent transaction is completed with a correct PIN. I don't know about the less common (here, anyway) credit providers like Amex and Diners, though I'm sure they'd have similar policies in place.

Kyanar
3436 posts

Uber Geek

Trusted
Subscriber

  #897480 18-Sep-2013 10:54
Send private message

Geektastic:

Are credit card companies not liable for fraudulent use where you are not at fault? They are in the UK.


No, they are not liable.  All the merchants end up liable, as the card issuers chargeback all the transactions.   Which means that this eventuality is built into store margins, which means ultimately you're liable for it whether your card is ever stolen or not.

Geektastic
16710 posts

Uber Geek

Trusted
Lifetime subscriber

  #897529 18-Sep-2013 11:39
Send private message

Kyanar:
Geektastic:

Are credit card companies not liable for fraudulent use where you are not at fault? They are in the UK.


No, they are not liable.  All the merchants end up liable, as the card issuers chargeback all the transactions.   Which means that this eventuality is built into store margins, which means ultimately you're liable for it whether your card is ever stolen or not.


Time for a law change then.

In the UK they are even liable to replace faulty goods paid for using their cards!!





 1 | 2 | 3
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

D-Link G415 4G Smart Router Review
Posted 27-Jun-2022 17:24


New Zealand Video Game Sales Reaches $540 Million
Posted 26-Jun-2022 14:49


Github Copilot Generally Available to All Developers
Posted 26-Jun-2022 14:37


Logitech G Introduces the New Astro A10 Headset
Posted 26-Jun-2022 14:20


Fitbit introduces Sleep Profiles
Posted 26-Jun-2022 14:11


Synology Introduces FlashStation FS3410
Posted 26-Jun-2022 14:04


Intel Arc A380 Graphics First Available in China
Posted 15-Jun-2022 17:08


JBL Introduces PartyBox Encore Essential Speaker
Posted 15-Jun-2022 17:05


New TVNZ+ streaming brand launches
Posted 13-Jun-2022 08:35


Chromecast With Google TV Review
Posted 10-Jun-2022 17:10


Xbox Gaming on Your Samsung Smart TV No Console Required
Posted 10-Jun-2022 00:01


Xbox Cloud Gaming Now Available in New Zealand
Posted 10-Jun-2022 00:01


HP Envy Inspire 7900e Review
Posted 9-Jun-2022 20:31


Philips Hue Starter Kit Review
Posted 4-Jun-2022 11:10


Sony Expands Its Wireless Speaker X-series Range
Posted 4-Jun-2022 10:25









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.