What are the security implications of my credit card number being known by someone else?

An excerpt from another answer:

You don't actually need the CVV to perform transactions, they're just required by most retailers as a means of verifying that you have the physical card in your possession.

From Wikipedia (unsourced):

It is not mandatory for a merchant to require the security code for making a transaction, hence the card is still prone to fraud even if only its number is known to phishers.

On most EFTPOS systems, it's possible to manually enter the card details. When a field is not present, the operator simply presses enter to skip, which is common with cards that don't carry a start date. On these systems, it is trivial to charge a card without the CVV. When I worked in retail, we would frequently do this when the chip on a card wasn't working and the CVV had rubbed off. In such cases, all that was needed was the card number and expiry date, with a signature on the receipt for verification.

In other words:

You could use that number to make payments or purchases in some systems. But if they have also your CVV from the back of the card your card is fully compromised and can be used for all kind of payments.

Recommendation:

Contact your credit card bank or issuer. They can provide you a new credit card. Also CC are something pre-internet they don't have an amazing security and every bank in this world actually prefer to be like that because they can follow the money transaction and they can find who is the responsible for a CC fraud.


In addition to the other (correct answer), I'd like to add that (at least in Europe) with most banks credit card number and CVV are by default not sufficient to authorize a transaction.

For example UBS forces you to choose a password that will be requested for any internet payment (and clearly it's not written on the credit card). Other banks in Italy do this or they send you a code on your mobile phone, so they would have to have your phone too. I don't know how widespread is this, or if it applies to the US, but my (limited) experience with banks up until now points in this direction :-)

Tags:

Credit Card