All About Fraud: How Crooks Get the CVV | Krebs on Security

“The vast majority of the time, this CVV data has been stolen by Web-based keyloggers…. a relatively uncomplicated program that behaves much like a banking Trojan does on an infected PC, except it’s designed to steal data from Web server applications.”