Is a 3 or 4 digit CVV enough for online transactions?
Background: The CVV/CVV2 number ("Card Verification Value") on a credit card or debit card is a 3 or 4 digit number printed on the card. It is 3 digits on VISA, MasterCard and Discover branded credit and debit cards, and 4 digits on an American Express branded credit or debit card. The CVV code is not embossed on any of these cards.
My question: Is 3 or 4 digits enough for online transactions to be secure?
The credit card companies are aware of this, their anti-fraud detection software will block a card if they see more than a small number of attempts with incorrect CVV codes. Even having an understanding of the algorithms for generating CVVs a hacker would still have to get lucky to successfully be able to make a transaction.
As for whether it is a great system then the answer is no. It's still vulnerable to fraud, however it is much better than no CVV code at all. It's a quick and easy fix to add more security into the system until the industry can agree on a more permanent solution.