Discovery Bank closed a gaping credit card security hole on Monday – but says it suffered no fraud
- Discovery Bank on Monday fixed a flaw in its systems allowing incorrect credit card CVV numbers to be used for online payments.
- Business Insider South Africa was tipped off about the flaw, and on Monday morning found we could make payments with a random CVV code.
- Discovery Bank said it was alerted about the issue last week, and suffered no fraud losses due to the issue.
- For more stories go to www.BusinessInsider.co.za.
Discovery Bank says it has fixed a security flaw in its systems that allowed credit card transactions without the correct CVV number.
On Monday morning Business Insider South Africa was able to make two credit card payments on two different e-commerce platforms with the incorrect CVV number, simply using a sequences such as "000".
In one instance, Discovery Bank also didn’t require further authorisation in the form of a one-time pin.
Testing showed that the correct CVV number was required for Discovery credit card holders with accounts still administered by First National Bank.
By Monday evening, Business Insider tried to recreate the transaction we completed in the morning, but our efforts were rejected.
A call centre agent also soon phoned us after the transaction to alert us that an incorrect CVV number had been used.
A CVV code, short for Card Verification Value, is the last three digits on the back of a bank card, and is considered a critical as a last-ditch security measure against certain card fraud.
Industry standards forbid websites from storing CVV numbers, so that even if card details are saved for the sake of convenience and if databases are stolen, the information will be incomplete to make a transaction.
Also read: Discovery Bank will soon have some of the basic functions it was missing at launch – plus extras like converting Discovery Miles to cash
In a response to questions on Monday afternoon, Discovery Bank said it had become aware of the security flaw last week, and immediately implemented steps to ensure it was resolved by Monday morning.
It said the CVV code are just one of several safety features it has in place.
“We would like to reassure our clients that this has been resolved, and will not lead to losses for any of our clients,” Discovery Bank said.
Also from Business Insider South Africa:
- SA now has a ‘Boyfriend Stokvel’ Whatsapp group - you can even recycle your ex
- Uber Eats SA now won’t include plastic utensils unless you ask for them
- Disaster is unfolding in Syria as videos emerge of US allies being slaughtered and hundreds of ISIS prisoners escape during airstrikes
- Checkers just revived ‘Xtra Savings’, its answer to Smart Shopper and WRewards – but its discounts are a little variable
- JOBS: These large companies are looking for new staff – including Mr Price, Sanlam, and Nedbank