[Cryptography] French credit card has time-varying PIN

John Levine johnl at iecc.com
Mon Oct 3 19:44:03 EDT 2016


>What surprises me, though: In an era of chip-and-pin - which is pretty much universal in Europe by now, except for US tourists - why would you want this? What's the number printed on the card being used for?
>I suppose you could use it for Internet shopping and similar card-not-present transactions - is that what this is really aimed at?

It's the CVV, purely intended for card-not-present.

If the CVV changes every hour, and you allow one slot of slop for someone who
places an order just before the number changes, that still makes it 500-1 to
guess the right number, which seems pretty unfavorable for bad guys.

AmEx has a four digit CVV, dunno whether MC and V could accept longer CVVs.

R's,
John

PS: How many US cards don't have chips now?  All mine have for at
least a year.  A few of them even have PINs.
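
The acceptance rule described in the message above (an hourly code, with one earlier slot still accepted), as an added example that is not part of the original post and not the card's real algorithm. The HMAC-SHA256 derivation, the key, the sample time and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

SLOT_SECONDS = 3600  # code changes every hour, as in the message
DIGITS = 3           # three-digit CVV; pass digits=4 for an AmEx-length code

def dynamic_cvv(key: bytes, slot: int, digits: int = DIGITS) -> str:
    """Assumed derivation (not the real card's): HMAC-SHA256 over the slot number."""
    mac = hmac.new(key, struct.pack(">Q", slot), hashlib.sha256).digest()
    # Reducing 64 bits modulo 10**digits leaves a negligible bias.
    value = int.from_bytes(mac[:8], "big") % 10 ** digits
    return f"{value:0{digits}d}"

def accepted_codes(key: bytes, unix_time: int, slop_slots: int = 1,
                   digits: int = DIGITS) -> set:
    """Codes accepted now: the current slot plus `slop_slots` earlier ones."""
    now = unix_time // SLOT_SECONDS
    return {dynamic_cvv(key, s, digits) for s in range(now - slop_slots, now + 1)}

def verify(key: bytes, submitted: str, unix_time: int, slop_slots: int = 1,
           digits: int = DIGITS) -> bool:
    """Constant-time comparison of the submitted code against every accepted code."""
    ok = False
    for code in accepted_codes(key, unix_time, slop_slots, digits):
        ok |= hmac.compare_digest(code.encode(), submitted.encode())
    return ok

def guess_probability(key: bytes, unix_time: int, slop_slots: int = 1,
                      digits: int = DIGITS) -> float:
    """Chance that one uniformly random guess is accepted at this moment."""
    return len(accepted_codes(key, unix_time, slop_slots, digits)) / 10 ** digits

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    t = 1475538243                 # constructed sample time (Unix seconds)
    print(accepted_codes(key, t), guess_probability(key, t))
```

With three digits and one slot of slop, at most two of the 1000 possible codes are accepted at any moment, which is the 500-1 figure in the message; if the two slots happen to produce the same code, the odds are 1000-1.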

