Is it so easy to pick up cvc/cvv?
Hello! Yesterday I debugged some code that is executed when you enter incorrect bank details when paying for an item.
In the process of debugging, I entered incorrect data 150 times, of which 30 times - incorrect CVV. At the same time, nothing happened to my card (one of the largest Russian banks), it was not blocked.
Therefore, the question arose: Do banks really not block cards during CVV brute force? Why then does PCI DSS forbid it from being stored if it is so easy to hack?
Dmitry: you are mistaken) In Russia only a swindler returns funds to the victims; in the USA the bank returns them. I'll even say more: in the Russian Federation, sometimes they even force the victim to file a claim, although he may not be aware at all and live in peace without noticing the missing amount. Well, "very" logical explanatory notes are written in such cases... à la, an employee of the bstm called me, said, I checked the funds, this is all after a month +. And it always ends with "the damage was significant for me."
In general, it depends more on the client himself, who needs it - he will return it, he fusses.
Brutal, why not? Many bottlenecks in a good sense are scattered to this day, to the stupidity of the head box of developers, or to the delight of competent researchers)
I am sure that a simple person, with all the desire, will not be able to brute-force it. Timeouts, IP ban, restriction of input attempts.
CVC/CVV is not brute-forced - it is stupidly stolen using the user's naivety and stupidity, phishing, injections and other mechanisms.
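The "restriction of input attempts" and IP limits named in the answers above, sketched as a merchant-side limiter on failed CVV checks. This is an added example, not code from the thread: the thresholds, window, key, class and function names are assumptions, and the card number and IP addresses are constructed test values.

```python
import hashlib
import hmac
from collections import defaultdict, deque

# Assumed policy values (not from the page); tune to your own fraud tolerance.
MAX_FAILS_PER_CARD = 5      # wrong-CVV declines allowed per card per window
MAX_FAILS_PER_IP = 20       # wrong-CVV declines allowed per client IP per window
WINDOW_SECONDS = 3600
KEY = b"constructed-demo-key"  # placeholder; load from a secret store in practice


class CvvAttemptLimiter:
    """Sliding-window counter of failed CVV checks, keyed by card and by IP."""

    def __init__(self):
        self._fails = defaultdict(deque)  # bucket key -> timestamps of failures

    @staticmethod
    def card_key(pan: str) -> str:
        # Key on an HMAC of the PAN so the limiter never stores card numbers.
        return "card:" + hmac.new(KEY, pan.encode(), hashlib.sha256).hexdigest()

    def _count(self, key: str, now: float) -> int:
        q = self._fails[key]
        while q and now - q[0] >= WINDOW_SECONDS:
            q.popleft()  # drop failures that aged out of the window
        return len(q)

    def allowed(self, pan: str, ip: str, now: float) -> bool:
        """Call before sending the authorization; False means refuse to try."""
        return (self._count(self.card_key(pan), now) < MAX_FAILS_PER_CARD
                and self._count("ip:" + ip, now) < MAX_FAILS_PER_IP)

    def record_failure(self, pan: str, ip: str, now: float) -> None:
        """Call when the issuer declines with a CVV mismatch."""
        self._fails[self.card_key(pan)].append(now)
        self._fails["ip:" + ip].append(now)


def simulate(attempts: int, ips: list[str]) -> int:
    """Replay wrong-CVV tries on one constructed test card, rotating
    client IPs; return how many tries actually reached the issuer."""
    limiter, pan, sent = CvvAttemptLimiter(), "4111111111111111", 0
    for i in range(attempts):
        ip, now = ips[i % len(ips)], float(i)  # one try per second
        if limiter.allowed(pan, ip, now):
            sent += 1
            limiter.record_failure(pan, ip, now)
    return sent
```

Because the counter is keyed by card as well as by IP, rotating source addresses does not raise the number of guesses that get through. It only covers one merchant; card-wide lockout across merchants has to happen at the issuer.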