[Cryptography] French credit card has time-varying PIN
Ron Garret
ron at flownet.com
Tue Oct 4 19:56:27 EDT 2016
On Oct 4, 2016, at 10:14 AM, John Levine <johnl at iecc.com> wrote:
>> Well, guess what: problem not solved. Why? Because criminals will trivially adapt to the new circumstances. It?s just not that hard for phishers to
>> set up a distribution channel with latency measured in seconds rather than days. The only reason they haven?t done it so far is that it hasn?t been
>> necessary. If it becomes necessary, they will do it. This is their livelihood after all.
>
> People who know a lot more than me about this tell me that finding
> mules to cash out is the chokepoint in credit card fraud. You can buy
> a gazillion "fullz" with name, address, card number and CVV, for like
> a dollar apiece, because they are so hard to monetize.
That’s the price for dead fullz. Live ones cost $100+
http://venturebeat.com/2015/02/08/fullz-dumps-and-cvvs-heres-what-hackers-are-selling-on-the-black-market/
> They will certainly adapt to some degree, but this appears to be a
> place where it'll be hard.
Why? Switching to a JIT supply chain just isn’t that hard, particularly for digital goods. I don’t see any reason why haxers won't do it if that’s what it takes to stay in business.
rg
More information about the cryptography
mailing list