Hacker News new | past | comments | ask | show | jobs | submit login

> cvv was always correct

How do you know this, does Wise provide auth response data? (Merchants are not required to respect the CVV check, so it's possible for txns to go through with a non-matching CVV response code.)

I'm also curious about the lack of notifications. That would seem to indicate a level of account control beyond the cardholder data. Unless they were failed due to NSF before the notification step.




> How do you know this, does Wise provide auth response data?

Usually, for each transaction, wise gives a small type details, such as

* manual entry: when I manually type in all details on a form

* saved-detail: when I preauthorized some vendor or processor to perform txn without further interactions(think quick checkout using paypal)

* apple/google pay: when card is preauthorized in such

* chip and pin: means I entered the card physically on a machine and entered PIN

* contactless: means an NFC tap pay directly

Usually, all manual entry raises a notification and all the fraud charges were manual entry minus the notifications(immensely unusual unless I used the card with that vendor before frequently) on very random places in matter of days(one in California, followed by one in Tokyo). Then next time two in India followed by one in Vietnam. Then next week two in Malaysia followed by one in Bulgaria. And then several more.

While I freaked out because these vendors were entirely unknown to me and my card were all frozen with no funds in balance, the lack of notification and the charges in pattern(first $10, followed by $100 and then $500 or $250) were very odd.


Yep that's a classic fraud pattern. The issuing bank (Evolve?) should have flagged the card after the second or third txn attempt.

It sounds like multiple layers of risk controls failed here. I'm glad you didn't lose any funds, I'm sure others were not as fortunate/careful as you!


what is the point of the CVV if it is not mandatory?


In some cases a CVV can still result in a cheaper rate for the merchant on the transaction.

In other cases I've seen the lack of CVV entry result in my card provider triggering a curious 2fa-esque flow with my card provider (I can't remember the name for it) or in other cases, the card provider can just nope out. (Or trigger a fraud alert)


> a curious 2fa-esque flow with my card provider (I can't remember the name for it)

Probably 3-D Secure / Verified by Visa / etc.


Lower transaction rates as well as lower merchant and processor liability limits.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: