Hey all, have a question.
I noticed that a large tech webshop in NL offers "Maestro" next to MasterCard as an online payment method.
I knew that bunq's Maestro cards are able to be used online with Apple Pay, but had not yet seen it being able to be used as a "credit card". I was curious if that would really work for a NL card, so I reactivated an old virtual card, linked it to a secure account and figured I'd give it a go.
Much to my surprise, the Maestro accepts card number + exp date as sufficient verification. There is no need to use the CVC-code. In fact, there was no CVC-field at all. All I had to enter was the card number and the exp date and the payment went through successfully without any additional verification.
That got me even more curious, and I hope that someone knows: why does the Maestro not require a CVC-code for online check-out and isn't that a massive security risk? I mean, this was a card I linked to my "secure" account (0 balance, only add the funds required to make the payment to it + €1 reservation), but my regular Maestro cards are linked to accounts containing funds. The card number + exp date is printed on each Maestro card. Does that mean if someone has a look at my card/takes a pic of it or even if it's recorded when I'm paying in a shop and it's visible on security cameras OR I use it online and it's leaked somehow: it's super easy to pay with it online without CVC?
It feels extra strange because yesterday when I was paying with MasterCard somewhere, it, as usual, required CVC and then I had to open the bunq app to approve the "payment request" to my MasterCard. (Guess that was 3DS or something similar.) Yet with the Maestro, there is no CVC required and no approval required in the app. That's two layers of security missing, hehe.