CVV code request

gambblex

Expanding Wild
Joined
Jul 16, 2007
Location
UA
Hi!

In all my experience of online shopping I was only once requested for some verification PWK namely for the statement for the card used (not even copy of the card or verification form)

But recently I placed an order at online shop and got a request to fill in the Auth form and card F&B. And also gov. iss. ID (that was a bit weird)

Security purposes,sure,np.

It's ALWAYS been advised everywhere if your card copy is needed to block middle digits. And always recommended not to disclose your CVV to any single person in the whole world,correct?

And what should I think when their support is telling me that they need me to uncover middle digits? And they ask me why I covered digits on the back:eek2:I ask them :"So you need my CVV code as well?"- "Yes",was the answer from the supervisor.

:eek:

Basically,I could put up with a request to open all digits on the front but WTF are they going to do with my CVV code? So I can feel invulnerable security-wise with such requests?:puke:

Opinions welcome
 

Suave

Dormant account
Joined
Aug 11, 2010
Location
Europe
Hi!

In all my experience of online shopping I was only once requested for some verification PWK namely for the statement for the card used (not even copy of the card or verification form)

But recently I placed an order at online shop and got a request to fill in the Auth form and card F&B. And also gov. iss. ID (that was a bit weird)

Security purposes,sure,np.

It's ALWAYS been advised everywhere if your card copy is needed to block middle digits. And always recommended not to disclose your CVV to any single person in the whole world,correct?

And what should I think when their support is telling me that they need me to uncover middle digits? And they ask me why I covered digits on the back:eek2:I ask them :"So you need my CVV code as well?"- "Yes",was the answer from the supervisor.

:eek:

Basically,I could put up with a request to open all digits on the front but WTF are they going to do with my CVV code? So I can feel invulnerable security-wise with such requests?:puke:

Opinions welcome

:eek:

Could you name the casino at least? I have never ever heard of such a request.
 

gambblex

Expanding Wild
Joined
Jul 16, 2007
Location
UA
No, it's not a casino that's why I posted this in "Other complaints" .It's a health supplements store,pretty well known

I asked them not once if they realize what they're asking for and what the consequences may be.

It's not just dumb it smells with a criminal activity.How can any policy justify the very request for disclosing such confidential details?
 

just play

closed account
Joined
Jan 27, 2006
Location
USA
I would talk to another supervisor, the one you talked to obviously didn't know what s/he was talking about.

Or...you can email the company and see what they say.

I order online at quite a few different places and never been asked to show proof of anything...I think the things they asked you seems very odd, and I'm not even talking about the CVC number...onto that...no way in hell would I ever give them that.

Maybe contact your credit card company and tell them which place this is and what they are trying to do. I'm sure they would advise against it.

I hope you didn't place the order. :eek:
 

rockycatt

meistercatt
Joined
Oct 26, 2008
Location
Boston
No, it's not a casino that's why I posted this in "Other complaints" .It's a health supplements store,pretty well known

I asked them not once if they realize what they're asking for and what the consequences may be.

It's not just dumb it smells with a criminal activity.How can any policy justify the very request for disclosing such confidential details?

even simpler ask your cc bank prob solved :notworthy they might put the store on the carpet
for not in compliance
 

Suave

Dormant account
Joined
Aug 11, 2010
Location
Europe
even simpler ask your cc bank prob solved :notworthy they might put the store on the carpet
for not in compliance

How would that work for sure? I say just use wire transfer or any type of ewallet on that site. I'd like to know the name of the site...there is no point keeping it secret. And I would not like this to happen to me as well.
 

gambblex

Expanding Wild
Joined
Jul 16, 2007
Location
UA
I hope you didn't place the order. :eek:



Did.That's when all the BS started but I requested a refund and will check my card in a couple days.

I shop online quite extensively but only once my order was put on hold because it was considered large.

Checking this with the bank is a measure by default so I guess I will do.

If someone interested it's A1Supplements.com so you may ask what your CC image must look like.
 

rockycatt

meistercatt
Joined
Oct 26, 2008
Location
Boston
How would that work for sure? I say just use wire transfer or any type of ewallet on that site. I'd like to know the name of the site...there is no point keeping it secret. And I would not like this to happen to me as well.

well nothing but tax's and death are for shure , that said the banks / credit card companies dont want to have service with rogue vendors , so the fraud dept might scold them or revoke their rights
 

vinylweatherman

You type well loads
Joined
Oct 14, 2004
Location
United Kingdom
well nothing but tax's and death are for shure , that said the banks / credit card companies dont want to have service with rogue vendors , so the fraud dept might scold them or revoke their rights

Don't bank on it. Many rogue businesses rely on lax controls from the banks, and if you complied with such a request, the banks would blame the CUSTOMER for being careless. The merchant would wriggle out of it somehow.

There would only be action taken if a number of complaints surfaced, and you had PROOF of such requests being made.

Don't just tell the bank, print off evidence of this request, and evidence of continued obstruction to your desire to protect the middle digits and security code on the back of the card.

Banks DO issue advice to customers, and this is NOT to give this information to "people", rather it is to be used ONLINE, and ONLY through a secure site. This is because the company CANNOT normally see and copy these details, and validation is done through encrypted channels.

Both VISA and Mastercard have introduced an additional layer of verification to protect online transactions, VISA Secure, and Mastercard securecode. They add the requirement for the customer to further validate the transaction with a password, as well as the 3 digit code on the card. This password must NOT be given over the phone (as one casino at least is reported to have asked a player to do), it is ONLY to be entered on the BANKS' validation page, NOT the merchants' page.

This particular merchant appears worried about online card fraud, yet REFUSES to use these official measures, preferring instead to ask customers to break the terms of their card issuer to give them assurance "on the cheap".

If anything goes wrong though, the customer may find the banks REFUSE to pay out BECAUSE the customer gave the merchant this data, when the card terms stated this should NOT be done.

What is even worse is that the merchant took the money, and THEN sprung this requirement.

A complaint to the card issuer is the best option, and only if THEY give permission should you comply with the request from the merchant. If the bank take fright at this kind of request being made, the merchant WILL find itself in trouble, and the card networks will wonder how "routine" this practice has become, since losses due to online fraud are INCREASING, and they are likely to see such inappropriate requests from merchants as creating the means by which criminals get hold of the data they need to perpetuate such fraud.

I DID once complain to VISA when Winward casino "required" me to reveal EVERYTHING on my card, and VISA asked me whether I wanted to make a formal "adverse merchant report" against their processor. VISA did also say that the risk involved was "minimal", and that I would be OK complying with the request. Interestingly though, when I told Winward I had asked VISA themselves for guidance, they did a U-turn, and accepted the image with the middle digits and security code blacked out.

I now routinely edit card images to remove the code & middle 8 digits, and no other casino so far has objected to this.
 

vinylweatherman

You type well loads
Joined
Oct 14, 2004
Location
United Kingdom
I am sorry but I don't get the fuss anymore. There is paypal right there as a payment method. :rolleyes:

The fuss is about all this being requested AFTER THE FACT. The requests being made are AGAINST VISA/MASTERCARD TERMS OF USE, so NO merchant has any damn business making such requests in the first place. The availablilty of alternate payment methods is irrelevant.

Paypal is safer, since it acts as a middle-man application between the card & and merchant, which means that NONE of this card information gets as far as the merchant. The risk is that the merchant will "mislay" this card image data, and it will get used by fraudsters.

Paypal may be safer, but did the OP want the hassle of making an account, waiting 5 days before ordering, etc. When someone places an online order, they want it "now". Paypal is for the future.
A virtual card is also just as good, since it's information can only be used once for that order. Fraudsters will not be able to get the same data to work again elsewhere. I believe that each time a virtual card is used, a random number and codes are generated for that transaction, and will only work the once. The next transaction requires a new random number and code, which only the PC with the virtual card software installed on can create.
 

Suave

Dormant account
Joined
Aug 11, 2010
Location
Europe
The fuss is about all this being requested AFTER THE FACT. The requests being made are AGAINST VISA/MASTERCARD TERMS OF USE, so NO merchant has any damn business making such requests in the first place. The availablilty of alternate payment methods is irrelevant.

Paypal is safer, since it acts as a middle-man application between the card & and merchant, which means that NONE of this card information gets as far as the merchant. The risk is that the merchant will "mislay" this card image data, and it will get used by fraudsters.

Paypal may be safer, but did the OP want the hassle of making an account, waiting 5 days before ordering, etc. When someone places an online order, they want it "now". Paypal is for the future.
A virtual card is also just as good, since it's information can only be used once for that order. Fraudsters will not be able to get the same data to work again elsewhere. I believe that each time a virtual card is used, a random number and codes are generated for that transaction, and will only work the once. The next transaction requires a new random number and code, which only the PC with the virtual card software installed on can create.

I don't think we function the same way, sorry. When I see paypal on a site, it's a no brainer, I just go for it - no cc. And where did you get that paypal was ''for the future''? 5 days etc. First time I hear this (?).
 

vinylweatherman

You type well loads
Joined
Oct 14, 2004
Location
United Kingdom
I don't think we function the same way, sorry. When I see paypal on a site, it's a no brainer, I just go for it - no cc. And where did you get that paypal was ''for the future''? 5 days etc. First time I hear this (?).

You ASSUME the OP already has a PayPal account. If someone does not already have one, it takes at least 5 days to get it up & running, so in this respect it is "for the future".

PayPal is also not as widely available as credit cards. Some simply do not trust it now that it is part of eBay. They see eBay as "arrogant", and not willing to engage with customers, preferring an "arms length" relationship. Unlike credit cards, the consumer credit act does NOT apply to PayPal transactions, so users rely on PayPal's own scheme. Since there are no rights in law, some customers have discovered the hard way that PayPal promises more than it lives up to.

If you DO have PayPal though, you are more secure in terms of the merchant getting hold of your card data.

None of this excuses the outrageous request from the merchant, and this should really be discussed with the issuing bank, who can decide whether this merchant needs a reprimand.
 

gambblex

Expanding Wild
Joined
Jul 16, 2007
Location
UA
Checked my balance lately,looks like the card wasn't even charged.

As for Ppal-I know some people just love it ,no idea why though. Maybe for eBay users it's very convenient but I'm not that into it.

Not a big deal to register a pp account and I have one because I was forced to use Paypal checkout at one site no matter I used Visa as usually.It was my one and only experience with pp,and I got the double currency conversion without any reason.My order was in USD and card currency was USD.
Maybe it was my fault and of course my "responsibility" but now I feel kinda squeamish when I see ppal logo.
 
Top