• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Security code missing in Identity safe

Security codes are missing from Identity Safe in the new, updated version of Norton 360 Premier.  I was going to put them in again, but, there is no place to put them.

Replies

Kudos0

Re: Security code missing in Identity safe

The Credit Card Verification Value (CVV) field has been removed from your Wallet and the 3 or 4-digit number that is stored in the field has also been removed.  We wanted to offer a more flexible Credit Card Comments field, that lets you choose the kind of useful credit card information that you want to store.

https://support.norton.com/sp/en/us/home/current/solutions/v98547562

Kudos1 Stats

Re: Security code missing in Identity safe

I find this to be a huge mistake. Now I have to refer to the cards themselves so why even have a wallet?

Kudos0

Re: Security code missing in Identity safe

Sorry, I'm just the messenger.  Product design is waaaaay over my pay grade.
FWIW ~ Support told me CVV removed for security. 

Kudos1 Stats

Re: Security code missing in Identity safe

As bjm_ notes it was removed to make your transactions more secure. This way you have to physically have the card in hand to verify you are you. Imagine if you had left your computer open with your vault open and you go somewhere for a few minutes leaving your computer accessible to anyone. With the old system, anyone could quickly log into a site and purchase something using the fill details from your vault. The new way, they would be stuck when asked for the CVV number that you would have with you.

Things happen. Export/Backup your Norton Password Manager data.
Kudos1 Stats

Re: Security code missing in Identity safe

Actually, I find that the credit card companies put the CVV code on the card itself is stupid but that's another story.  Today, after updating Norton 360, my wife's fill-in assistant did not submit the CVV code as it had the day before.  OK, from this thread we know why. 

Two complaints however are in order:  1) why does Norton make changes without pointing them out in a read-me file at least and 2) if field A is replaced by field B to make it more "flexible", why doesn't field B show up on the fill-in screen to be able to be used?  We put the CVV codes in the Notes field (they do show up when the AMEX card is displayed on the edit screen), but there is no Notes field displayed in the Fill Assistant panel.  Talk about security!  Even if you left your computer screen on and ready to buy a mink coat, nobody would be able to do so. 

Actually my third complaint is about the 30 minutes I was left on ignore in the "liveperson chat" and then finally texting back and forth with someone who did not answer my question about the "Notes" not showing up but rather tried to answer three questions about resetting my passwords and could I see them on the cloud storage?  At my request to talk to a real person in the US about the problem, she said she would forward my request and have someone call me?  Anyone want to take a bet?

Kudos0

Re: Security code missing in Identity safe

pandora749: 1) why does Norton make changes without pointing them out in a read-me file

..same has been asked and requested ...as release notes / change log... thanks for adding your comment... 

pandora749: At my request to talk to a real person in the US about the problem, she said she would forward my request and have someone call me?

as you know...Chat follows a play book.  You may always try Support again.  Or, address product design matters via Product Suggestions board.   FWIW ~ I've received follow up calls from Support. 

Kudos1 Stats

Re: Security code missing in Identity safe

Even with the vault open another password is required to access individual cards. There are people that don't have anyone else around that could access an open vault in their homes. I believe this should be optional. I repeat, if I have my card in hand, I do not need the wallet portion of the vault. If it is not safe for codes then how is it safe for passwords on logins and other information we store there? Isn't the whole purpose of  Identity Safe to have a secure place to store our information?

Kudos1 Stats

Re: Security code missing in Identity safe

Since this is the place we are to discuss, ask questions and file complaints and/or problems I feel it is not the time to pull the "not my job" line. You are our connection to whom ever is responsible. If you can't answer and fix our problems is it not your responsibility to pass it on to the right people? If not then I am obviously posting my problems in the wrong place. Perhaps, you could forward it to the correct place or tell me where I should be posting and I will gladly post there. Thanks

Kudos0

Re: Security code missing in Identity safe

pandora749: Perhaps, you could forward it to the correct place or tell me where I should be posting and I will gladly post there. Thanks

Product Suggestions  you may find others with similar concern...

Kudos0

Re: Security code missing in Identity safe

Why are someone else's questions showing up under my name?

Kudos0

Re: Security code missing in Identity safe

pandora749:

Why are someone else's questions showing up under my name?

Under this Topic or under your Activity

Kudos0

Re: Security code missing in Identity safe

pandora749:

Since this is the place we are to discuss, ask questions and file complaints and/or problems I feel it is not the time to pull the "not my job" line. You are our connection to whom ever is responsible. If you can't answer and fix our problems is it not your responsibility to pass it on to the right people?

Guru's (blue badge) have pass it on power.

Kudos0

Re: Security code missing in Identity safe

oops, sorry about that. I meant to delete this and post on support. There is a reason I am tagged "newbie".

Kudos0

Re: Security code missing in Identity safe

@pandora749

Just a few comments if I may - just trying to help a newbie understand what is going on with the forums.

First of all most of the posts you will see on this forum are from other Norton customers (the same as you) who come here to volunteer their time and efforts to help other users get answers to their questions/situations.  Those who have a red badge behind their user name are Norton employees while those without,  are customers the same as you are.  Also if we have the blue Guru badge, then we have usually been around for quite awhile and have been designated by Norton to be able to assist a bit more than other users.  That's why it was stated Guru's have pass it on powers - I used one of the Guru's powers to send you the notice that this post was made to you.  Hopefully that will clear things up and help you understand the structure here in the open forums.

Speaking of open forums - basically that permits anyone to post within your thread  - why others show up in your thread - be it to ask a question or to provide assistance.  Questions are a way of life here - we can't see your system, nor your problems - thus we ask many questions to get a feel for what you are seeing/experiencing.

Hopefully you will understand better what this forum is all about and why some things have happened here that you did not understand.

Kudos0

Re: Security code missing in Identity safe

Thanks for the info. I did apologize for posting in the wrong place. I understand what you are saying and why. Perhaps, it would help to explain your position in the beginning of the forum. I certainly never new about red or blue badges. I have been a Norton customer for years, but, this is the first time I have used the forum. Whatever your position is does not change my feelings about the lack of a place for a code. This is not a problem with my system. It is a change that is on everyone's system. Though your post was informative it does not solve the original issue. However, now that I know the people answering do not really know anymore about it than I do I will continue my search elsewhere. Thank you for your assistance.

Kudos0

Re: Security code missing in Identity safe

Hello Pandora

The answer to the missing CVV code is in the link that fjm posted in his first post in this thread. The idea behind it is if you leave your computer for a while with the field where the CVV code was before, some one could easily make a purchase with your credit card and would be able to see the CVV code also and be able to make the purchase. They took away that code so if some one tried to make an online purchase, in most cases, they would not be able to complete that purchase with out having that code.. So now you need to have your card in your hand to make a purchase. That sounds much safer to me. Thanks.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.18.0.213 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Security code missing in Identity safe

pandora749:

However, now that I know the people answering do not really know anymore about it than I do I will continue my search elsewhere.

Yeah, we have no way of knowing what you know.
I hang around to clean ash trays and sweep up. 
Happy search.
Welcome to Norton Community

Kudos0

Re: Security code missing in Identity safe

LOL I've emptied many trash cans myself.

Kudos1 Stats

Re: Security code missing in Identity safe

Rather than have the option of whether or not to enter the CVV information Norton has decided to make the decision for us. If I must have the card in hand for on-line transactions then what purpose does NIS serve?

Kudos1 Stats

Re: Security code missing in Identity safe

Bryan Burke:

Rather than have the option of whether or not to enter the CVV information Norton has decided to make the decision for us. If I must have the card in hand for on-line transactions then what purpose does NIS serve?

 What Identity Safe does for you is save you from typing in all your name, billing address, and credit card number. Instead of   Typing many many keystrokes, you only need to type 3 for the CVV.

I still look on this as a time saver, while still enhancing security.

Things happen. Export/Backup your Norton Password Manager data.
Kudos1 Stats

Re: Security code missing in Identity safe

I totally agree with Brian.  If the CVV code had been a required field then it could have been a problem for those who use public computers or are dumb enough to leave them open and walk away.  As a former developer, there are some fields that I left in place from earlier software but changed them from required.  If you see a problem with using the field, don't use it.  For those of us who use our PCs at home and do not have our identify safes on a cloud of unknown security, we would like the opportunity to make a choice for ourselves.  A developer or development group should not have the last word on what is "good" for us.  Cell phone information is requested on profile pages.  I don't want that information made public.  The field is not required.  I do not enter the number.  Problem solved for me.  You fill it in if you want it and it is solved for you.  Personal choice - the American way.

Kudos0

Re: Security code missing in Identity safe

Oh, I thought I started this thread. In reading other posts on this thread, I am happy to know that I am not the only one that feels we should be given the choice. Enough said.

Kudos0

Re: Security code missing in Identity safe

To Norton:    how ridiculous...   so I am supposed to have to run upstairs and get my credit card now every time I buy something online?  Or to keep my own supposedly less secure file on my computer or a paper list instead with my credit card information because Norton doesn't feel it can keep my credit card code safe?     Then how dare you collect my other credit card and sign-on information!   Please rethink and find a way to keep this information safe!  i thought this was your value add...

Thanks very much!

Kudos0

Re: Security code missing in Identity safe

I prefer the added security, but that is me. Now all I do is remember one 3 number code. No card needed. Norton does the rest.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Security code missing in Identity safe

That's great and I respect your opinion. My question, in the first place, was where did it go. My problem with it is that there was no notification or explanation and there is no choice. It just disappeared, like it or not. I thought that Identity Safe and the wallet within it was a safe place to store information. It seems that Norton doesn't agree. So, how safe is any of our information or passwords for anything we log into? That may include bank accounts.  Three number codes are not needed for them.

Kudos0

Re: Security code missing in Identity safe

pandora749,

The Card Comments field can be used to store any useful information (up to 200-characters), such as credit card limit, cash back rewards percentage, frequent flyer points, bill payment deadlines, and so on.

https://support.norton.com/sp/en/us/home/current/solutions/v98547562
Perhaps, by your choice you may use Card Comments field for security codes. 

pandora749: I thought that Identity Safe and the wallet within it was a safe place to store information. It seems that Norton doesn't agree. So, how safe is any of our information or passwords for anything we log into?
Luckily, not only does a good password manager like Norton’s Identity Safe help you remember all those random characters, but it also adds another layer of security to your passwords.

https://community.norton.com/en/blogs/norton-protection-blog/password-managers-are-key-secure-passwords 

Kudos1 Stats

Re: Security code missing in Identity safe

I absolutely agree with former posters - removing the CVV code makes Norton password manager redundant. I now have to go and fetch my card anyway. I have multiple cards in my wallet and cannot remember all the CVV codes so it is not a simple matter of remembering one 3 digit code. This is no more secure as I use it mainly on my home PC. I would prefer the option not to include my CVV rather than have it removed without my consent or wish

also, Fill in assistant  simply lists the cad type and number and has removed the name I gave the card which makes selecting the correct card much more difficult. I have eight cards used for work on various accounts and for home use. I have labelled them "work purchase account" etc but this no longer shows up in fill assistant. The notes field also does not show in Fill Assistant and as far as I can see you actually have to open the wallet to see it so the whole process is slow and ineffective.

time to try an alternative password manager? I have been with Norton for over 20 years but it is getting less and less useful.

Kudos0

Re: Security code missing in Identity safe

So, Norton is now a automatic fill program? There are a lot of those and we don't have to pay for them. I purchase Norton for security, not auto fill. The point is not having to fill in our information. The point is we want our information safe and secure. Eliminating the CVV code are for security??? Removing the CVV for security makes most of us wonder why Norton doesn't believe their wallet is secure.

Kudos0

Re: Security code missing in Identity safe

Let me understand this. Are you saying that we should put the CVV codes in the comments section? Norton removed the designated spot for CVV for "security" so how secure is a comments section? Thanks to Norton's lack of faith in their own vault I no longer trust Norton with my information. If Norton knows it can't keep our information safe then it is time to find something that will. I also agree that putting the CVV code on cards is a ridiculous idea. It would be better to have a private pin number that is not on the card. Of course that is not up to Norton. Individual card issuers need to be contacted about that.

Kudos0

Re: Security code missing in Identity safe

FWIW ~ recommended as you know is to periodically change your passwords.  Can you changed your CVV / security codes. 
ID Safe is a password manager.  There are lot's of em'.  Perhaps you feel ID Safe as "security".  IMO ID Safe is a password manager.  Convenient encrypted password protected login creds storage.   ID Safe is not an Identity Theft solution nor Credit Monitor.

But even Siciliano — who said that there isn't a single legitimate argument against using a password manager — takes steps to mitigate the risk of having all his passwords in one place.

http://www.tomsguide.com/us/password-manager-pros-cons,news-19018.html 

Kudos0

Re: Security code missing in Identity safe

I am not sure what your point is here. I do feel ID safe is "security". Isn't that the point. If a password manager isn't secure then what good is it? No, we cannot change a CVV code. That is issued by the card distributor. Perhaps it would make a CVV code more secure if within the wallet we can create a different password to access card information. As it is now the same password that we sign into the vault is used to access card info. I not only don't understand what your post means, I certainly don't consider it a solution. It seems to me that most of the answers offered in this post are telling us that Norton is not secure. It also seems you are saying that it isn't meant to be. I may have misunderstood your post.
Kudos0

Re: Security code missing in Identity safe

Kudos0

Re: Security code missing in Identity safe

It has nothing to do with the safety of information stored in Identity Safe - the CVV storage was not removed because of any concerns over a vault compromise.  It has to do with the purpose of the CVV itself, which is to assure the online merchant that you have the card in your possession.  Obviously, a form field filled in automatically with stored information does not satisfy the intent of the CVV.  You are supposed to pull the card out of your wallet and look.  That is the point.  CVV was not invented to make your card use more convenient - it was implemented to protect you, the merchant, and the card issuer from fraud committed with stolen credit card numbers.  I don't fault Symantec for respecting that - they are a security company.

Kudos0

Re: Security code missing in Identity safe

As a security measure, merchants who require the CVV2 for "card not present" payment card transactions are required by the card issuer not to store the CVV2 once the individual transaction is authorized and completed.[4] This way, if a database of transactions is compromised, the CVV2 is not included, and the stolen card numbers are less useful.

https://en.wikipedia.org/wiki/Card_Security_Code

Kudos0

Re: Security code missing in Identity safe

Password managers are not considered to be merchants, and so can store CVVs if they want.  Some do, some don't.  Norton is not the only password manager that has opted not to store CVVs.

Of course, online merchant databases get hacked and card numbers get compromised with some frequency.  That is why I always recommend using ShopSafe or a similar service to create a one-time-use-only credit card number for each online transaction.  This certainly throws convenience completely out the window, but if Amazon gets hacked, all of the credit card numbers I have stored there are no longer usable by anyone, and my real credit card number is still safe.

Kudos0

Re: Security code missing in Identity safe

Norton is following card issuer standard not storing CVV with card number.  Works for me. I've always omitted expiry and CVV.

Kudos0

Re: Security code missing in Identity safe

That's a great idea. Thank you.

Kudos0

Re: Security code missing in Identity safe

That is may be.  But it is a ridiculous reasoning because this way one may leave a credit card on the desk.  This change makes the web site prefill inoperable, defeating one of the main reason to have Identity Safe.

Kudos0

Re: Security code missing in Identity safe

SendOfJive,

This reasoning is suspect, because if I have the credit card in my hand why would I need  NIS wallet to begin with?  I just can take all information from the card.  I believe that most users of this application use it precisely to avoid going for the physical credit card when making online payment.  Besides, nothing prevents me, and actually this is recommended by Symantec, to store CVV in the Comment field.  The only problem with that is while CVV was a hidden field by default, the Comment field is always shows, making CVV storage less secure. 

Kudos1 Stats

Re: Security code missing in Identity safe

This is absolutely ridiculous reasoning for the change.  It does not make sense whatsoever.  It looks like a bug or some dumb ass design decision.

I have several problems with the motivation behind it.

1. If this is a security issue, it is very troubling, because Norton Identity Safe is marketed as a very safe and secure way of storing information.  Now, if for some reason CVV data is not safe, how come all other data is safe?  Makes no sense.

2. The suggestion that generic Comments field is improvement over dedicated CVV field holds no water.  This way, why not to use the Comment field for everything including credit card number, expiration date, etc.  Sounds stupid?  That is what I mean.  CVV field is as critical and as integral as credit card number and the expiration date.  Without it, the payment page prefill does not work. 

3. Before the change, the CVV field for security reasons was hidden.  In fact, Symantec deemed it as the only field, which by default should be hidden.  Now, the proposed alternative is to put CVV in the Comment field, which is not hidden.

4. The idea of the Comment field may be useful.  But it should not be introduced instead of CVV or any other critical field.  If it has to be a choice between CVV and Comment field the common sense should unequivocally choose CVV.

To conclude, the whole thing with CVV looks like a product defect and should be treated as such.

Kudos0

Re: Security code missing in Identity safe

paulfil:

This is absolutely ridiculous reasoning for the change.  It does not make sense whatsoever.  It looks like a bug or some dumb ass design decision.

This is not a bug, but was a design decision for the reasons that have been quoted throughout this thread. Security, in case you leave your PC unattended with the ID Safe still open. You may not let this happen, but a software designer needs to code for the lowest common denominator, or they could be sued when the system fails.

I have several problems with the motivation behind it.

1. If this is a security issue, it is very troubling, because Norton Identity Safe is marketed as a very safe and secure way of storing information.  Now, if for some reason CVV data is not safe, how come all other data is safe?  Makes no sense.

No one is saying the CVV data is not safe.

2. The suggestion that generic Comments field is improvement over dedicated CVV field holds no water.  This way, why not to use the Comment field for everything including credit card number, expiration date, etc.  Sounds stupid?  That is what I mean.  CVV field is as critical and as integral as credit card number and the expiration date.  Without it, the payment page prefill does not work.

Again, no one is saying the Comments field is an improvement. Just a work around.

3. Before the change, the CVV field for security reasons was hidden.  In fact, Symantec deemed it as the only field, which by default should be hidden.  Now, the proposed alternative is to put CVV in the Comment field, which is not hidden.

I will stand to be corrected, but I do not remember that field being hidden if you are looking at the card information, or editing the card. It was masked when a page was filled.

4. The idea of the Comment field may be useful.  But it should not be introduced instead of CVV or any other critical field.  If it has to be a choice between CVV and Comment field the common sense should unequivocally choose CVV.

To conclude, the whole thing with CVV looks like a product defect and should be treated as such.

Again, not a defect. You could check the product suggestions board to add you input to any threads you find on this concern.  https://community.norton.com/forums/product-suggestions

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Security code missing in Identity safe

As I commented earlier, the security reason of leaving your PC unattended is one of the lamest excuses possible.  Why?  Because it defeats the purpose of the NIS Wallet. Without Security Code (CVV) field it makes it useless.  If that is the reason, why offer the feature at all?  What is the alternative?  To have your credit card with you whenever you make online purchase?  Why would one need NIS Wallet in that case?  And what if I leave my credit card next to PC?  What this be safer than to store CVV in NIS wallet?
Besides, there are plenty of Web sites, which do not ask for CVV at all (Amazon, for example).  On top of this, Symantec, does not say that the field was removed for the security reason.  It says, it was removed in favor of more generic field: Comments.  Moreover, it encourages (at least, that is what I was told by the customer service), to use Comment field for this purposes.  That all completely disproves the argument that CVV was removed due to security reasons.  It was just plain stupid design decision.   I truly hope it would be reverted.

Kudos0

Re: Security code missing in Identity safe

I came here thinking this was a bug as well.  The CVV suddenly disappearing from the application and making me go and hunt for my physical wallet.  To hear this discussion about why it was intentionally removed makes the whole thing sound like a joke.  The point of me having access to the vault with my information, sitting in my home office, is so that I don't have to go hunt for my credit card every time I want to charge something.  And now I need to write it on a post it, or put it in the comments field?  How stupid is that?

Kudos0

Re: Security code missing in Identity safe

Kudos0

Re: Security code missing in Identity safe

I think it is absolutely unacceptable that the CVV field was removed without any prior warning. The reason I used the wallet was thinking that it was MINE. You deleted data which was MINE. WITHOUT MY PRIOR CONSENT. In my case this was a CVV of a webcard, so now I have to apply for a new one. Some useless effort because Norton think that they have to think instead of me. And because they were wrong. It is like if a Swiss bank removed something from my safe, thinking that it is better for me. 

Ihave been using Symantec products widely, but this action (and also how reliable the Identity Safe in Chrome is) makes me wonder if I should do so in the future. Trust and confidence is a pillar of Norton or just should be. 

Thanks for keeping me busy, dear Symantec.

Kudos0

Re: Security code missing in Identity safe

There has been several patches to NIS software and apparently Symantec stubbornly refuses to return CVV field.

Kudos0

Re: Security code missing in Identity safe

Patches are used to fix bugs in the software. Any new features are usually only introduced with a new version.

The removal of the CVV field was removed as a security enhancement. You can add your say to the product suggestion thread on this issue. https://community.norton.com/en/forums/please-bring-back-cvv-identity-sa...

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Security code missing in Identity safe

Dear Peter,

Have you had a chance to read this thread?  I think it is clear that what is being called a "security enhancement" is just a bogus and stupidest claim.  Nobody was able so far reasonably explain how removing CVV enhances the security and why such enhancement is needed.
How about along these lines to further enhance security to remove credit card number from CVV?  Well if user needs to have a physical credit card to complete online transaction (to read from it CVV), why not to get the entire credit card number?  After all credit card number is much more compromising and targeted information than CVV.  And when we at the security enhancement, why not to discontinue NIS all together?  That would be the most secure approach!  Don't you think?

Kudos0

Re: Security code missing in Identity safe

paulfil

As you have read the entire thread, you know I have read it and posted a number of replies. I even replied to one of your earlier posts.

The best reply in this thread about the security question raised here about the CVV is provided by SendOfJive in his post here. It is the security for the card issuer and the merchants that is paramount. It was never a question of the security of the ID Safe data.

The rest of the wallet data does get filled in for you and you only have to type 3 characters. 

As to discontinuing Identity Safe, there is always an option to disable the feature. You will always have to weigh the benefits of convenience and security when using a product like Identity Safe. Only you can decide if you are comfortable with any possible exposure of your personal data when online. Whether typed manually or entered automatically by a utility such as ID Safe.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Security code missing in Identity safe

So if you read all the posts on the subject, could you please answer then the following: why prevent customers who want to use CVV field from having it?  

After all, Symantec tech support suggested to me personally to use generic Card Comments field for CVV.  And I believe I read it somewhere (don't have the time to find it now) in Symantec description of changes, that Symantec decided to replace CVV field with a more generic and therefore more useful comments field.  So, here is your theory of security goes out of the window.  If I can and encouraged to use Card Comments field to store CVV, where is the security enhancement?

Now, about "the security for the card issuer and the merchants that is paramount".  As a credit card owner I can do anything I want with my credit card.  I can write my credit card information anywhere I wish, and there is nobody to stop me.  Is this correct?  I can write it on sticky note and attache it to my screen?  Can I do this?  What would happen with the "the security for the card issuer and the merchants that is paramount"?  Who would protect it then?

So, tell me know, how come NIS are able to allow me to save all credit card information, but CVV in the CVV field.  Yet it allows me to save CVV in Comments field.  In CVV field the data is used to be masked.  In Comments field it is not.  So, where is the protection of "the security for the card issuer and the merchants that is paramount"?

Do you see the logic of these arguments and total absence of the logic in your argument?

If Symantec is unable to protect users from themselves, why try?  Why to remove a very useful feature enjoyed by the users and by doing so make the tool inconvenient at best and useless at worst?

This thread is closed from further comment. Please visit the forum to start a new thread.