Wondering how important that three-digit number on the back of your credit card is? It's the latest piece of information being sought by thieves. “Today” financial editor Jean Chatzky offers advice on how you can avoid becoming a victim of fraud.
More from TODAY.com
Kelly Clarkson has 'awesome' response to body-shaming bully
Dubbed the "most hated woman in Britain," Katie Hopkins began fat-shaming Kelly Clarkson after seeing her on "The Graham N...
- Harrison Ford reported fair after plane crash
- Hilarious bar mitzvah invite video parodies 'Let it Go,' 'Happy,' more
- Which hue do you prefer on these celebrity hair color chameleons?
- You don’t have to go all veg to live longer, study finds
- Kelly Clarkson has 'awesome' response to body-shaming bully
Over the holidays I — like many people in this country — did a huge portion of my shopping online. Why not? I figured. The selection is great. Shipping was (over the holidays at least) largely for free. And it's open 24 hours. Perfect, in other words, for anyone sick of mall traffic.
This year, though, I noticed it wasn't enough to simply type my credit card number into the browser at J. Crew or GapKids or whatever secure site I was patronizing. They all wanted the three-digit security code off the back of my MasterCard as well. I gave it up willingly.
But a warning issued last week from the New York State Banking Department got me thinking twice. It warned of a new scam in which this code is the key.
Here's how it works: Scammers, who have already obtained your credit card number in other ways, call your house pretending to be the fraud and security department of your credit card company. They sound very official (they may even provide you with a phony badge number) and they claim your card was flagged by security for demonstrating an unusual purchase pattern.
You deny making the purchase. Then the scam artist reassures you it will show up on your next statement. The scammer then gives you a phony control number to document the fraud claim and asks you to provide the three-digit security number from the card to prove that the card is in your possession.
Once you give that up, the scammer has you. He or she now has everything he needs to make a purchase with your card either over the phone or on the Internet. There's no clerk there to raise an eyebrow at the fact that John Doe he doesn't really look like Jane Smith. And since you've already been alerted to fraudulent activity on your account, you're less likely to call in the troops.
What is this mystery number? It's called the CVC2 code, explains MasterCard International spokeswoman Sharon Gamsin. You'll find it (if you haven't already) printed into the signature panel on the back of your MasterCards and Visas (American Express uses a four-digit code imprinted above your card's number on the front.)
It was introduced, she says, specifically “to prevent the type of fraud that occurs at merchants where the physical presentation of a card is not necessary and no face-to-face interaction between the merchant and cardholder occurs.” In other words, online or over the phone.
Notes Evan Hendricks of Privacy Times, “You don't want someone to have your credit card number and you don't want someone to have the three-digit code, but you really don't want them to have both. It's like losing the car and the keys — someone who has both can buy anything they want. That's why, when thieves are buying stolen credit card numbers they're worth a lot more if they include the three-digit code on the back.”
How do you avoid being taken advantage of?
- Never give out data if you didn't place the call. In this particular case, you don't want to give the CVC2 code to anyone who calls and requests it — no matter how official they sound. If you're concerned you may have already been victim of a fraud, hang up and call the toll-free number on the back of your credit card yourself. Ask to speak to the fraud department and see if they have the same information you were just given. If not, you know you just escaped being scammed.
- Likewise, never give out data in response to an e-mail. That's how phishing works. You get an official looking e-mail from your bank or credit card company or some other institution with which you do business requesting “more” information. Don't provide any data unless you surf to a financial institution's site yourself by typing the URL into your browser. Clicking through on an e-mail doesn't count.
- Immediately report any problems to your state banking department. Scammers only get shut down when the authorities gather enough information to catch them.
Jean Chatzky is an editor-at-large at Money magazine and serves as AOL's official Money Coach. She is the personal finance editor for NBC's "Today" show and is also a columnist for Life magazine. She is the author of four books, including 2004's "Pay It Down! From Debt to Wealth on $10 a Day" (Portfolio). To find out more, visit her Web site, www.jeanchatzky.com.