I’m interested in knowing a few things about security features used to make the infamously insecure credit card system somewhat more fraud-proof.
First of all, I don’t quite get the idea behind the CVV (card validation value, although different card systems use different names for it). It’s a three-digit number printed on the back of the card and nowhere else, meant to validate if the person using a card number (for online purchase, for example) has the card in possession physically. My impression is that this only works once; once you’ve used the CVV for a purchase, the card is not more secure than it would be without it: The staff of the company where you used the card now knows your CVV, so you’re not protected against fraudulent employees; and a tapper intercepting your online traffic does not only get hold of the card number but also the CVV. Where’s the additional protection here?
Secondly, I don’t understand why there are no one-time numbers used for credit card transactions, very much like the TANs used for online banking. The store would validate your TAN by contacting a server of the credit card company, and if they’re giving you an OK, the payment is confirmed. An intercepted online transaction wouldn’t do any harm because the TAN used for it is now worthless.
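The one-time-number scheme described in the post, set beside a static CVV check, as an added example that is not part of the original post. The `Issuer` class, its method names, and the card and CVV values are hypothetical and constructed for illustration; this is not a real payment API.

```python
import hashlib
import hmac
import secrets


class Issuer:
    """Toy card issuer, constructed for illustration (hypothetical API)."""

    def __init__(self):
        self._cvv = {}   # card number -> static CVV
        self._tans = {}  # card number -> digests of TANs not yet used

    @staticmethod
    def _digest(value):
        return hashlib.sha256(value.encode()).hexdigest()

    def enroll(self, card, cvv, tan_count=5):
        """Register a card and return its list of distinct 6-digit TANs."""
        numbers = secrets.SystemRandom().sample(range(10**6), tan_count)
        tans = [f"{n:06d}" for n in numbers]
        self._cvv[card] = cvv
        self._tans[card] = {self._digest(t) for t in tans}
        return tans

    def authorize_static(self, card, cvv):
        """Static check: the same value passes every time it is presented."""
        return hmac.compare_digest(self._cvv.get(card, ""), cvv)

    def authorize_tan(self, card, tan):
        """One-time check: a TAN is consumed by its first successful use."""
        unused = self._tans.get(card, set())
        digest = self._digest(tan)
        if digest not in unused:
            return False  # unknown TAN, or one that was already spent
        unused.discard(digest)
        return True


def replay_demo():
    """Present the same observed values twice and report both outcomes."""
    issuer = Issuer()
    card = "0000-0000-0000-0000"  # constructed sample value
    tans = issuer.enroll(card, cvv="123")
    seen_cvv, seen_tan = "123", tans[0]  # values exposed by one purchase
    first = (issuer.authorize_static(card, seen_cvv),
             issuer.authorize_tan(card, seen_tan))
    replay = (issuer.authorize_static(card, seen_cvv),
              issuer.authorize_tan(card, seen_tan))
    return first, replay
```

`replay_demo()` returns the (CVV, TAN) results for the first use and for the replay: the static value is accepted both times, the TAN only once.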