IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [credit-card]

Payment cards. For questions about storing credit card numbers, see also pci-dss. For questions involving the physical object, see also smartcard (if the card has a chip).

This tag is about credit cards and other payment cards.

If you're storing credit card numbers, then you may be required to comply with the Payment Card Industry Data Security Standard (PCI DSS). See the tag .

More and more credit cards contain a chip, which makes them a smart card. See the tag .

442 questions
49
votes
8 answers

What prevents web shop owners from misusing credit card data?

I don't own a credit card but read much about fraud with stolen credit cards. Since I don't own one, I don't know how you exactly buy online using your credit card, so please correct me, if I am wrong (and I hope so). Customer choses articles in…
sweet home
  • 593
  • 5
  • 7
48
votes
5 answers

How does a website instantly know if a certain credit card number is wrong?

I was renewing my Internet subscription through the online portal of my ISP. What struck me was when I was entering my credit card details, I entered the type of my credit card (MasterCard, Visa, AA, etc), and when I entered the numbers, there was…
tony9099
  • 779
  • 1
  • 5
  • 10
46
votes
8 answers

Hashing a credit card number for use as a fingerprint

What's the best way to hash a credit card number so that it can be used for fingerprinting (i.e. so that comparing two hashes will let you know if the card numbers match or not)? Ideally, I'm looking for recommendations of which hash + salt might…
FloatingRock
  • 791
  • 1
  • 6
  • 12
44
votes
8 answers

Amazon let me place an order without me ever being asked for 3-D secure password

I have set a "3-d secure password" for my debit card, on my bank's website. But when I purchased something in amazon.co.uk, I went through the whole process without ever being asked for that 3D password. I was asked for a card number and its…
Stefan Monov
  • 959
  • 1
  • 7
  • 10
42
votes
3 answers

Why are my plastic credit card and activation code sent separately?

Capital One recently sent my plastic credit card by post mail and its activation code by a separate post mail. What security problem does this mitigate? If a rogue element has access to my mail box or home, they will have both the plastic card as…
Lord Loh.
  • 559
  • 4
  • 7
39
votes
4 answers

Convince the company not to store credit card numbers in our webapp

The company I work for needs a system to perform monthly credit card charges to customer accounts. Customers will be able to update their credit card information from an online interface written in PHP (which will be presented through HTTP over…
M8R-53mg86
  • 393
  • 3
  • 5
39
votes
6 answers

Which parts of a credit card can I obfuscate and still have it be valid

I was recently the victim of credit card fraud and I suspect it is from a merchant somewhere keeping track of my credit card details. I cancelled the card and received a new one, but I would like to make it as difficult as possible for criminals in…
8bitme
  • 493
  • 1
  • 4
  • 6
39
votes
1 answer

Is CVV calculated or merely assigned?

Is the 3-digit (4-digit for those acolytes of standardization, American Express!) CVV/CSV/CVC calculated from card number and expiration date, or is it merely assigned? I know that once when I got a renewed Visa, it had the same 16-digit account…
Bruce Ediger
  • 4,552
  • 2
  • 25
  • 26
36
votes
3 answers

Why don't popular web services mask the CVV?

Most popular web services like PayPal, Google Wallet, and others do not mask CVV numbers, eg: (). As I read, the CVV is a security feature and it seems logical to mask it in order to hide it from prying eyes. But I haven't see…
Paul Annekov
  • 463
  • 1
  • 4
  • 6
33
votes
5 answers

How can Paypal know my card is being used in another account?

I have a credit card saved to my primary Paypal account. To make a long story short, I needed to make another Paypal account that would not be connected to my original one. I used a different computer, which had never been logged in to my original…
TheAsh
  • 495
  • 1
  • 4
  • 6
30
votes
4 answers

How can a website verify that my phone number belongs to me?

I was signing into a Capital One credit card website that I hadn't used in a long time, and once I entered my user name and password, it requested my mobile phone number for additional verification. I entered my number, and I was given a short, < 10…
JPhi1618
  • 490
  • 1
  • 5
  • 8
30
votes
4 answers

Hotel reservation. How is this secure with only credit card number and expiry date?

Until today I managed to avoid paying online with my credit card (I'm weird, I know...) but somehow I managed to do it. Today though I had to book a hotel room (on booking.com) that required a deposit. I entered the card issuer, card number and card…
ILikePaperMoney
  • 271
  • 1
  • 3
  • 5
29
votes
1 answer

Are credit-card security codes theoretically insecure (if not entirely broken) already?

I was reading the Wikipedia article on Card security codes (CSC, CVD, CVV, CVC, V-code, SPC, CID, CV2, CVN2, CAcronym2, etc) and a certain assertion caught my eye (emphasis mine): The CSC for each card (form 1 and 2) is generated by the card issuer…
Dai
  • 1,686
  • 1
  • 13
  • 20
26
votes
7 answers

Recourse if debit card was used on a suspicious website

My husband got a pop-up ad on his phone for a fashion website and purchased two pairs of sunglasses using our debit card. The confirmation was emailed to me (marked as spam by gmail), and the site seemed very suspicious to me: the URL is nonsense,…
thumbtackthief
  • 687
  • 2
  • 7
  • 11
24
votes
4 answers

What is the use of stolen credit card details?

What can a person with stolen credit card details do? Buy porn? Buy tons of server resources to perform an attack? What else? I'm sure that if he buys books, shoes and bicycles or transfer funds to his account they'll eventually find and arrest…
cherouvim
  • 360
  • 1
  • 2
  • 6
1
2
3
29 30