[Cryptography] French credit card has time-varying PIN
John Levine
johnl at iecc.com
Mon Oct 3 21:27:35 EDT 2016
>> And after they change, the previous three digits are essentially worthless, and that's a huge blow for criminals.
>
>... except this only works when you're talking about immediate transactions -- and I'd be very, very surprised if there weren't still a fair percentage of delayed transactions.
No, it just means that the transaction needs a time stamp so the bank
can tell what the CVV should have been. I don't immediately see that
as a security problem unless you have a bank so dumb that it'll let
merchants do 500 transactions with timestamps two hours apart to try
and guess the CVV.
R's,
John
More information about the cryptography
mailing list