Hacker News new | ask | show | jobs
by e28eta 1065 days ago
They might not need CVV, if the transaction looks “good” otherwise:

> A payment can still be successful even if the CVC or postal code check fails. This is because card issuers take many signals into account when making a decision about whether to approve or decline a payment. In some cases, a card issuer may still approve a payment they consider legitimate, even if the CVC or postal code verification check fails.

source: https://stripe.com/docs/radar/rules#built-in-rules
1 comments
js2 1065 days ago
:-(

I recently went through the opposite of this. A purchase at denon.com was declined, got a "please verify" email from my issuer which I approved and re-did the purchase. My issuer authorized the payment the second time, but then it got held up by NoFraud who sent me their own "please verify" email which I did. I had used an iCloud Hide My Email address for the purchase so a day later I get another email from NoFraud:

> Thank you for confirming your recent order. We are the fraud solution for the merchants website. We flagged the order for additional review before we notify the merchant to process it. To complete the verification for approval, we require an alternate email address for the cardholder. Please respond with an alternate email address.

At that point I tracked down NoFraud's phone # and called them to finally get the transaction approved.

link
techsupporter 1065 days ago
> I had used an iCloud Hide My Email address for the purchase so a day later I get another email from NoFraud

I got hit by a merchant using "NoFraud" as well. After making an order from the merchant's site, using Apple Pay on the web (which is, allegedly, rather hard to fake), I received an email saying my order was canceled as it "appears that a merchant-specific email address was used" and to "please resubmit the order using your personal contact details".

They were right, because I always use [merchantname]@subdomain.mydomain.com. Whatever it was couldn't have been that important because I didn't bother redoing it if they're going to be that picky.

(I can't find the purchase confirmation and subsequent email in my email, probably because I deleted it out of annoyance, so I'm not naming who I think I remember it being just in case I'm wrong)

link
huslage 1065 days ago
as if Email is some sort of durable identifier in the first place.
link
js2 1065 days ago
This is the thing that got me. Where the heck is NoFraud getting its training data[1] and why is an email address even considered relevant to the safety of the transaction? The item was shipping to my home address which matches my CC billing address.

[1] "NoFraud’s multi-layered solution analyzes thousands of data points fusing machine learning."

link