Walmart Policy Requires Customers To Fork Over Their Credit Card’s 3-Digit Security Code

In light of recent, high-profile data breaches, consumers are constantly on guard when it comes to their credit card information. So it might come as a surprise that the country’s largest retailer is asking customer to fork over the sacred three-digit security code on the back of cards in order to make purchases.

Walmart is in the process of rolling out a security policy and guidelines that require consumers to punch in their three-digit security code for purchases over a certain price threshold, KRPC in Houston reports.

The new policy, which was agreed upon between the company and several card issuers, is an attempt to cut down on credit card fraud, a company spokesperson says.

Often after credit card information is taken during a data breach, thieves create phony cards with the legitimate accounts. Since thieves don’t generally obtain three-digit security codes through breaches, so requiring customers to enter that code would cut down on fraudulent purchases.

Chris Bronk, a Rice University Baker Institute Fellow in IT Policy tells KRPC that Walmart is doing the right thing with their new policy.

“It really is a necessity at this point, because credit card fraud, thanks to the cyber vector, is worse than ever before,” he says.

However, Bronk says for the company to maintain consumer privacy protections it would need to store account numbers and the codes separately.

Once credit card issuers switch to the more secure chip-and-pin cards, also known as EMV cards, Walmart says it will stop requiring consumers to enter their three-digit security codes.

Visa and MasterCard announced earlier this year that they hope to end traditional sign-and-swipe credit card transitions and switch to the chip-and-PIN system by 2015.

The EMV (short for “Europay, MasterCard and Visa”) technology cuts back on card fraud because the chips make cards significantly harder to clone: even if you get all of the information from a card’s magnetic strip, as through a skimmer, without the chip actually being present the card data is useless in a physical transaction.

However, while the use of EMV technology in a card does make it more difficult to clone a card for in-person transactions, it doesn’t necessarily prevent an ID thief from using stolen card numbers for online or phone purchases. There is no such thing as a card that is 100% safe from clever criminals.

Renewed interest in chip-and-PIN cards began shortly after a string of data breaches occurred at national retailers. More than 110 million Target customers were affected in a breach during the 2013 holiday season. Neiman Marcus and Michaels both fell victim to hackers during the early months of 2014.

Last month, Target announced that starting next year the company’s REDcard debit and credit card — along with a separate Target credit card that is currently co-branded with Visa — will be reissued with the MasterCard chip-and-pin technology. In anticipation for the change, the company has already begun installing new card readers at its registers.

While KPRC reported that the policy is new, a spokesperson for Walmart tells Consumerist the retailer has actually been requiring the additional information for credit card purchases exceeding certain dollar thresholds for nearly a year.

New security guidelines for Walmart customers [KRPC Houston]

Read Comments6

Edit Your Comment

  1. Mala says:

    So if (or most likely when) Walmart will have it’s credit card information breached, now the scammers will get all the necessary info, GREAT IDEA!!… smh

    • CzarChasm says:

      RTFA. SMH

      • Mala says:

        I did read it lol! I’m not sure you did though…

        • CzarChasm says:

          Oh I’m sorry, I didn’t know you were more of a security expert than Chris Bronk, a Rice University Baker Institute Fellow. Mind sharing your credentials, oh wise one?

    • CommonC3nts says:

      Who cares??? The beauty of using a CC is you are not responsible for any theft or fraud charges. US law limits your loss to only $50, but CC always just take the full hit.
      They can steal your CC and max out your account and it wont hurt you at all.

      Now if you use a debit card then you are screwed if they steal your card. Smart people only use credit cards for protection.

  2. Snarkapus says:

    “However, Bronk says for the company to maintain consumer privacy protections it would need to store account numbers and the codes separately.”

    Why even store the CCV? The transaction’s gone through (or not) so that should be ephemeral and not stored at all…ever.