Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
@
@
@binariti2014-01-23 15:47:04
Payment systems
@binariti, 2014-01-23 15:47:04

Internet payments using CVC2

In recent years, there has been an increase in online payment fraud. I would like to find out for myself finally some details regarding such payments.
Are the following statements true?
1. There are payment systems, for making payments through which it is enough to know only the data that is printed on the card itself - number, date, surname, CVC2. Thus, for an unauthorized transfer of funds, it is enough just to take a picture of the card from the back.
2. CVC2 can be selected by brute force, knowing the rest of the data.
3. This type of fraud is a disease of Russia, it is mostly defeated abroad.
4. Cancellation of transactions not authorized by the cardholder in Russian banks is either impossible or extremely difficult. The cardholder must prove that he did not receive any services.
5. Cancellation of transactions in foreign banks not authorized by the cardholder is very simple. The recipient of money must prove in these cases that he provided the service. (Presumption of innocence of the cardholder)
6. The cardholder must remove the CVC2 from the back (keep it secret like the pin) of the card in order to ensure the security of his card.
7. Salary cards with CVC2 code are not reliable, they are not originally intended for online payments. It is best to withdraw the entire salary at once, and make payments on the Internet through temporary virtual wallets and not show your salary card number anywhere.
8. It is not necessary to indicate the surname / address when paying, you only need to know the number, date and CVC2.
9. Anyone can place the form for entering card payment details on their website. (fake forms are possible) It is not possible for an ordinary user to find out the addresses of pages of this kind authorized by banks.
Provide links to relevant articles.
I'll add this one ( Several questions on bank cards ) link, it asks questions that could be asked in the continuation of this list.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
@
@ntkt, 2014-01-23
_

1. Yes (*), just don't confuse purchases = e-commerce retail with transfers. Online purchases are made using the details printed on the card. Transferring money from a card is a different service (Visa MoneyTransfer / MasterCard MoneySend).
2. Yes (*), in theory, but in practice, an attacker will be blocked very quickly after several attempts.
3. No, it's different everywhere.
4. No, from January 1, 2014 - the rules have changed. You have 24 hours to report a fraudulent transaction.
5. No, it's different everywhere.
6. No, this is damage to the card - bank property, not the best idea. First, you just need to find out in your bank, without any clever words, "is it possible to completely prohibit purchases on the Internet using this card," and that's it. If possible, order this service and try to check it in a couple of days. If not, then how lucky.
7. What does "not intended" mean? If possible, then "intended". It's just that your safety is only in your hands, in any case. Show initiative, in the end, when you conclude an agreement on issuing a card, you can ask all the questions.
8. Rather not, but not all banks in Russia and the world reliably verify this data.
9. Yes (*), but the question of trust in a merchant in the world has not been resolved at all, nowhere and in no way. In the same way, there can be fake ATMs, and terminals, and at least a whole fake physical bank office.
Links are sad. It is rather difficult to adequately reveal the topic for the consumer in a digestible form and volume of text. Or there will be advice like "use virtual cards, protect your PC and smartphone from evil viruses, check the HTTPS icon in the browser", etc.

Report
A
Andrew, 2014-01-23
@OLS

In addition to ntkt's answer:
6. Many banks issue a series of cards specifically without CVV2/CVC2 code - so that they are immune to online theft. Ask at your bank.
7. Better to have 2 cards. Salary not to pay on the Internet and suspicious points of sale.
8. Yes. There are noname cards - they only have a number, expiration date and CVV2 / CVC2, and at the same time they are accepted for online payment in many cases.

Report
P
Puma Thailand, 2014-01-24
@opium

On the protection of credit cards, I wrote quite a lot here
pumainthailand.com/zashhishhaem-svoi-bankovskie-ka...

Similar questions
D
Dmitry2017-01-08 13:02:45
How to implement user balance in my web application? 2Reply
L
loker2017-01-08 22:10:50
Payment aggregators, which ones to choose for the lottery? 2Reply
P
Pavel Zhukau2017-01-14 20:41:56
API for international c2c transfers? 0Reply
V
Vladimir2017-01-16 20:06:38
How to accept a response from liqpay? 1Reply
V
Vladislav2017-01-20 07:40:16
Online store on what? 6Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question