[Cryptography] French credit card has time-varying PIN
John Levine
johnl at iecc.com
Mon Oct 3 19:44:03 EDT 2016
>What surprise me, though: In an era of chip-and-pin - which is pretty much universal in Europe by now, except for US tourists - why would you want this? What's the number
>printed on the card being used for? I suppose you could use it for Internet shopping and similar card-not-present transactions - is that what this is really aimed at?
It's the CVV, purely intended for card-not-present.
If the CVV changes every hour, and you allow one slot of slop for someone who
places an order just before the number changes, that still makes it 500-1 to
guess the right number, which seems pretty unfavorable for bad guys.
AmEx has a four digit CVV, dunno whether MC and V could accept longer CVVs.
R's,
John
PS: How many US cards don't have chips now? All mine have for at
least a year. A few of them even have PINs.
More information about the cryptography
mailing list