When buying stuff using an EFTPOS-Terminal, you just enter your PIN. When buying stuff on the Internet, you need to enter the CVC-number on the back of your card (not the PIN).
So if someone steals your card, they can buy stuff on the Internet (using the CVV-number on the back of the card).
They can’t buy things using a terminal, because they don’t know the PIN (except if you wrote the PIN on the card, say to jog your memory…)
We recently had several occasions in Queensland where
Information Centres booked accommodation over the phone and noted/passed on our CVV-number. The motels then used the data to take a deposit out of our VISA-account. I assume that they just made an Internet purchase in our name using the CVV-number they’d just received over the phone.
When we questioned this practice we were told: ‘We’re not
all corrupt here’- boy were we reassured…
The BNZ wasn’t so sure and promptly issued new cards.
Good on them.