If you're a "Carder", and you've got 1,000 cards, you just try them once a day. You'll get 2 CVV2's a day, average. And a bet that a once-a-day wrong CVV2 doesn't trip very many, if any, fraud checks. How much more is a card worth to a carder with CVV2/CVC than one without? Another niche service to provide in the cybercriminal underground, I guess.
As far as being non-PCI compliant, you as a merchant are only compliant right at the time of the audit. And maybe not even then, given Heartland's experience. The whole PCI thing is to give Visa and MasterCard a way to do some CYA.
As far as being non-PCI compliant, you as a merchant are only compliant right at the time of the audit. And maybe not even then, given Heartland's experience. The whole PCI thing is to give Visa and MasterCard a way to do some CYA.