What are the security implications of my credit card number being known by someone else?

6c2e6e2e
Mar 1, 2018

About one year ago, someone on Security Stack Exchange asked this question: https://security.stackexchange.com/questions/119722/what-are-the-security-implications-of-my-credit-card-number-being-known-by-someo/119725#119725

Today, I decided to write an article about this exact question and how you could protect yourself.

Outside Europe, and mainly in the USA, there are quite a few cases where people are called out for disclosing the front face of a credit or debit card (e.g. this tweet from Brian Krebs or this Twitter account). It is a fact that you don’t actually need the CVV (the code on the back of the card) to perform transactions; most retailers just require it as a means of verifying that you have the physical card in your possession.

On most EFTPOS systems, it’s possible to manually enter the card details. When a field is not present, the operator simply presses enter to skip, which is common with cards that don’t carry a start date. On these systems, it is trivial to charge a card without the CVV.

Some retailers will also frequently do this when the chip on a card is not working and the CVV has rubbed off. In such cases, all you need to perform a purchase or a transaction is the card number and expiry date, with a signature on the receipt for verification.

In other, simpler words, someone could use that number to make payments or purchases in some systems. But if they also have your CVV from the back of the card, then your card is fully compromised and can be used for all kinds of payments all over the world.

In Europe, with most banks the credit card number and CVV are by default not sufficient to authorize a transaction of any kind.

For example, UBS forces you to choose a password that will be requested for any internet payment (and clearly it’s not written on the credit card). Other banks in the European Union do this, or they send you a code on your mobile phone, so attackers/robbers would need to have your phone too. The most common is the 3-D Secure service, which is an XML-based protocol designed to be an additional security layer for online credit and debit card transactions.

I got compromised, what do I do?

Contact your credit card bank or issuer. They can provide you with a new credit card. Credit cards are also something pre-internet and they don’t have amazing security, and almost every bank in this world is ready to take action (24/7) in case of credit card fraud. Also have a look at this:

What options do I have in order to better secure my credit cards?

Well, you can’t pay only with cash.

But do not use your bank-provided credit card for both online and offline payments. I strongly recommend using a service like Revolut or Entropay, which provides you with both physical and virtual credit cards that can be used in any form of transaction. Personally, I use such services with small amounts of money based on my needs, and I even freeze my cards and unfreeze them seconds before a purchase.

But could you give me some basic tips?

Don’t use your credit card on an unsecured website and ensure that your payment is processed through a payment processor.

Don’t post your credit cards on social networking sites.

Don’t post your credit cards on websites as validation for certain access.

Check your monthly statement, or even daily if you have access to such data.

Protect your credit card and PIN numbers at ATMs or when using the telephone.

Carry as few credit cards as possible.

Don’t store your credit card numbers.

Protect your credit card against NFC attacks.
