tags:

views:

108

answers:

2
+1  Q: 

Why using clear text for Credit Card security code?

I'm curious about the reason why all most payment gateway site use clear text input to take security code.

Isn't it more secure if users put their security code in password mode textbox?

please give me enlightenment on this

+7  A: 

If you used a password box for this, who exactly are you hiding the security code from? Presumably the user has their credit card out, in their hand, and somebody looking over their shoulder can just see the number on the card instead of the screen.

Jakob Nielsen recently made a case to Stop Password Masking, that means for all password fields. Bruce Schneier added his opinion in his article The Pros and Cons of Password Masking. If there's discussion about whether password masking is relevant for password fields, I wouldn't even consider using it for CCV fields.

The password prompt in your OS for the wireless password probably has an option to "show password".

Greg Hewgill  2009-11-09 08:19:22
I can remember my security code. it's only 3 digit I don't think would be hard to remember.
Anwar Chandra  2009-11-09 08:24:23
Ah, you young bucks with yer 20/20 eyesight.
Michael Burr  2009-11-09 08:26:08
I think Jakob Nielsen's Stop Password Masking is plain stupid (though I agree to getting rid of that Reset button). Apart from the obvious presentations and open work environments etcetera while actually in the process of logging in, I would also not like my browser to populate the password as plain visible text in many sites that I actually do not log in to (but which have a login box on every page).
Arjan  2009-11-09 08:28:46
+1 for "show password" option.
Anwar Chandra  2009-11-09 08:41:00
+2  A: 

Hopefully, the data is transmitted using HTTPS. Using a password field might even make the browser prompt whether to save the value for later use, and hence might not make it more secure. (But then, you're right, using a plain text field might make the browser remember it as well.) At least plain text is easier for the user.

Arjan  2009-11-09 08:20:26
+1 my browser always remember my number and security code. for me it's okay, I can delete the history. But if someone put his card information on shared computer and forgot to remove the data, everybody can use it.
Anwar Chandra  2009-11-09 08:27:22

related questions

How can I read the purse balance with an EMV CARD?
What is the best credit card processing service?
Does anyone know where there is c# code or a dll which can generate sample credit card numbers
What is the official name for a credit card's 3 digit code?
What options are available to accept credit card payments through an iPhone?
Credit Card Duplicate Transactions
Low cost online payment processing solution for public schools?
Security review: client credit card# stored on server but with one time pad encryption stored in client cookie.
What is the best way handle credit card subscriptions on a website?
Checking for valid credit card numbers.... lots of syntax errors.
Storing Credit Card Information
Generating Valid Credit Card Track2 Data for Testing
Non-US credit cards with Amazon Flexible Payment Service?
ActiveMerchant: How to authorise cards when using gateways that do not support the void operation?
Accept credit card/echeck payments
Credit Card Payment Solutions for Desktop Applications
Storing credit card details
Whats the best way to offer credit card payment on your website?
Credit Card processing library that handles many merchant gateways?
What are some best practices for handling sensitive information?
What is the best way to validate a credit card in PHP?
What kind of damage could one do with a payment gateway API login and transaction key?
Limiting impact of credit card processing scripts/bots
Best way to prevent duplicate use of credit cards
How to test credit card interactions?