Wrong CVV but transaction successfull

[iajeet]

Yesterday I did a transaction with Paytm. By mistake I entered wrong CVV but transaction was successful.
(Kotak league credit card)

 

[Rahul Gupta]

Yesterday I did a transaction with Paytm. By mistake I entered wrong CVV but transaction was successful.
(Kotak league credit card)

Did you use verified by visa transaction password? instead of otp. Because in my hdfc same thing happens when i don't use otp.

 

[Rohankore]

Same thing happened with me once with SBI cc.

 

[iajeet]

Did you use verified by visa transaction password? instead of otp. Because in my hdfc same thing happens when i don't use otp.

only six digit OTP

 

[karankayastha]

same thing happens with hdfc too its a major flaw

 

[ltf4ever]

someone had mentioned a long time back that payment through cred also went through even when wrong cvv entered. it was a discussion about whether cred was storing cvv data or banks were failing in the proper authentication systems.

 

[ankushanup1]

Yesterday I did a transaction with Paytm. By mistake I entered wrong CVV but transaction was successful.
(Kotak league credit card)

First thing this is a known issue across all banks not to us or them but to banks and payment gateway /processers/card network ,but the issue is with payment gateway /payment processor related

First identification is via card no which is reported to banks for verification that's 1st factor authentication

Second factor authentication is OTP,here there are two types On us and off is transactions

In on us transaction Card network is bypassed by payment gateway /processers in association with banks to keep transaction off card network to save costs (read verified by visa etc)

In of us transaction you go through card network and always enter Otp on BANK payment page

In either way OTP is 2nd factor of authentication

So to prevent fraud or unauthorized transaction CVV and Expiry is embedded by card network as CARD NETWORK provides payment process to banks so they're responsibile for those liabilities...so it's nothing to do with banks or RBI OR any regulator

So second rung of responsibility lies with payment gateway but they're liable only to the extent of fraud on thier network...so that is also not bank or regulator concern...so here fault and liability is with CARD NETWORK &payment gateway but they are lax as they don't find it worth the effort or doesn't make business sense...so it's happening

The only saving grace is in domestic transactions OTP is 2nd factor authentication is necessary for transactions to go through...but for int transactions that is a big threat

Here comes the debit card /credit card differentiation where DEBIT CARD transactions aren't easily reversible and most debit cards doesn't come with card purchase protection or the card unauthorized card protection

While most credit cards comes with protection and as transaction settlement is on the books of financial Institutions it is easily reversable

So for consumers it's imp to keep this in mind while transacting via cards

So keep your sim /mobile device /Otp safe along with key card details along with other sensitive acc details +keep an eye on transactions or balance in acc on regular basis and always report unauthorised transaction asap

Second imp thing is to better turnoff the transaction levers or atleast keep limits as low as possible this should be followed strictly in DEBIT CARDS and especially for INTERNATIONAL TRANSACTION controls