I need some help to clarify my understanding of CVV. We've had some recent counterfeit debit card fraud and I've narrowed it down to 1 common point of purchase, I know for sure 1 other local bank has narrowed it down to the same merchant and I'm confident others will as well. The transactions were all approved and passed CVV (all fraudulent transactions were card present). If these cards were skimmed at this merchant, the CVV can be skimmed correct? Or would this have to have been a compromise on the back end somewhere like a server or their merchant processor? I guess I'm not clear as to how the CVV works, is it simply part of the track data, or does there need to be another piece like something that comes back from the processor during the approval? Any help would be greatly appreciated.
_________________________
"The reason I talk to myself is because I'm the only one whose answers I accept."
- George Carlin