Hacker News new | past | comments | ask | show | jobs | submit login

Last time I autofilled a CC with chrome it asked me to input the cvv number on the card before it filled in.



Interesting use of CVV, since vendors aren't permitted to store it. But Chrome does, for you... is that synced across browsers? That would require Google to store the CVV on its servers...


My understanding was that Google doesn't store your CVV anywhere, which is why you need to enter it every time. When you do so, it attempts to charge you zero units of your preferred currency (or perhaps it gives you zero, not sure) and if the transaction succeeds it accepts the CVV as valid.


Chrome isn't a credit card vendor. I can save your credit card number for you too, if you want.


The CCV check Chrome does doesn't compare the entered CCV against anything stored at all. Instead, it charges a small amount to verify the credit card. See my comment below.

Your mileage my vary, but I'd be very surprised if it does.


Chrome doesn't store the CVV, Google does. It syncs with your Google wallet account, and if the CVV is matched, then the credit card is auto filled


This is what happens to me:

1) Google Chrome doesn't always explicitly ask for a CCV. If it does, the browser dialog opens.

2) It actually charges $1 per CCV check to verify the credit card.

3) If the CCV check is successful, it does the autofill on the form. However, you still have to enter the CCV in the form manually most of the time.

4) The $1 charge is immediately canceled and thus doesn't affect your account balance.

For reference, here's a screenshot of how my bank receives such a charge: http://imgur.com/qwdM9Jx.png

To be clear, this is not from any Google purchase. That's what happens if I use my CC in Chrome on any site.

It also has to be noted that this implementation is pretty bad. On pre-paid CC (i.e. your CC payments are directly tied to your bank account - there is no CC bill), this will negatively impact your spending balance:

Account balance: All your money.

Spending balance: (account balance) - (pending charges)

Some banks refuse to apply the charge cancellation sent by Google and keep the pending charge active for some fixed amount of time (e.g. 90 days).


I don't know about this feature, but why couldn't it be stored as a hash?


I might be an order of magnitude off here, but I believe there's only around 1 billion unique numbers per card once you take away check sum digits and look at how they are issued.

Assuming that's correct, it really wouldn't take up much memory or computing power to create a lookup table for every credit card number with hash x.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: