Maintain security of credit card info

Recently, I was given a form for credit card payment for motor insurance premiums by NTUC Income.

The form requested the CVV (card verification value), in addition to standard details of the credit card. This practice is unsafe, as the CVV is meant for use only for secure online transactions. 

Even the agent who passed me the form admitted that this was not the standard practice.

In normal face-to-face transactions, customers have to first produce the physical credit card as the first step of verification. 

After swiping the card, the merchant will have a copy of some details of the card but is not supposed to be able to use it for unauthorised transactions without the physical card itself.

The CVV is supposed to be the alternative for the first verification step for online transactions. 

Thus, it is risky for a cardholder to provide the merchant with details that can be abused by the merchant's staff or anyone else who may gain access to the details.

It is a violation of payment card industry standards to store the CVV, and that is what will happen if it is written on a form.

Chen Junyi

A version of this article appeared in the print edition of The Straits Times on December 15, 2015, with the headline 'Maintain security of credit card info'. Print Edition | Subscribe