Discovery Bank discovered a system flaw on Monday which allowed the incorrect credit card card verification value (CVV) numbers to be used for online payments.
The CVV is the last three digits on the back of a bank card, and is considered a critical as a last-ditch security measure against certain card fraud.
Business Insider South Africa was tipped off about the flaw, and on Monday morning was able to make payments with a random CVV code, such as 000.
- Discovery Bank said it was alerted about the issue last week
- The bank suffered no fraud losses due to the issue
- The flaw has now been fixed
- Previously, the Bank didn’t require further authorisation such as an OTP (one-time pin)
- When Business Insider later tried to use an incorrect CVV number, a call centre agent phoned to let them know it was incorrect us after the transaction to alert us that an incorrect CVV number had been used.