[Owasp-leaders] Summit Regonline

Jason Li jason.li at owasp.org
Tue Jan 11 23:59:14 EST 2011


Agreed - but it's the *existence* of the CVV2 in general that provides the
warm and fuzzy.

The fact that a merchant does not ask for the CVV2 doesn't make a difference
from the cloning perspective, right?

In fact, I think you could argue that if a merchant does *not* ask for CVV2,
a user is in fact better off from a personal security perspective.

-Jason


On Tue, Jan 11, 2011 at 11:33 PM, Matthew Chalmers <
matthew.chalmers at owasp.org> wrote:

> It makes users feel warm and fuzzy because it's less likely that their card
> can be used if cloned from the stripe only. :)
>
>
> On Tue, Jan 11, 2011 at 10:26 PM, Jason Li <jason.li at owasp.org> wrote:
>
>> The CVV2 code is not technically required to make a credit card payment in
>> the US (some European countries do require it).
>>
>> From a *user* security perspective, I don't think there's a significant
>> impact for *not* providing a CVV2 code...
>>
>> But I'm sure someone will point it out if I'm wrong :)
>>
>> -Jason
>>
>> On Tue, Jan 11, 2011 at 6:28 PM, Ofer Maor <ofer.maor at owasp.org> wrote:
>>
>>> Am I the only one who feels uncomfortable that the regonline site did not
>>> ask for my CVV when taking my credit card for the booking?
>>>
>>> * *
>>>
>>> *---*
>>>
>>> *Ofer Maor*
>>>
>>> *CTO, Hacktics***
>>>
>>> *Chairman, OWASP Israel*
>>>
>>>
>>>
>>> Mobile: +972 (54) 6545406
>>>
>>> US: +1 (646) 7700646
>>>
>>> Office: +972 (9) 9565840
>>>
>>> Fax: +972 (9) 9500047
>>>
>>> LinkedIn: http://www.linkedin.com/in/ofermaor
>>>
>>> Web: www.hacktics.com
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20110111/9437e239/attachment-0001.html 


More information about the OWASP-Leaders mailing list