How to bypass CVV code of a debit card?
This is happening in Visa/MasterCard/American Express, etc. I tried checking in many payment apps and payment gateways that if I enter the correct debit card number, name, valid date, and wrong CVV number, I am able to receive OTP. However, the transaction is unsuccessful due to validation at the end for wrong CVV. But shouldn't it suppose to verify before I get the OTP? What's the reason? Isn't it a security issue?
Nope, it is not a security flaw. It instead enhances security. The following 2 cases illustrate how to bypass CVV code -
Case 1: OTP is only received only if CVV is correct: Since CVVs are commonly 3 digit numbers, it is easy to crack - only about 1000 possible combinations. The hacker may try all the possible combinations since cracking this won't take much time. So your CVV can be considered hacked once you get your OTP. Now the hacker has to only crack your OTP which is generally (~ 6 digit number = 1000000 combinations). Total number of combinations needed to hack your account 1000000+1000 = 1001000 combinations. Not much time will be required to generate these many combinations. Hence the card can be hacked easily Case 2: OTP is received even if CVV is incorrect In this case, you need to get a combination of CVV (3 digits) and OTP (9 digits) correct. Thus the total number of combinations is 10^9. This is about 1000 times the combinations needed in the above case. More number of combinations => More time required to crack and thus hard to crack.