[Cryptography] French credit card has time-varying PIN

Ron Garret ron at flownet.com
Tue Oct 4 01:43:31 EDT 2016


On Oct 3, 2016, at 4:44 PM, John Levine <johnl at iecc.com> wrote:

>> What surprise me, though:  In an era of chip-and-pin - which is pretty much universal in Europe by now, except for US tourists - why would you want this?  What's the number
>> printed on the card being used for?  I suppose you could use it for Internet shopping and similar card-not-present transactions - is that what this is really aimed at?
> 
> It's the CVV, purely intended for card-not-present.
> 
> If the CVV changes every hour, and you allow one slot of slop for someone who
> places an order just before the number changes, that still makes it 500-1 to
> guess the right number, which seems pretty unfavorable for bad guys.

No, it just means you have a one-hour window between phishing the CVV and using it.

rg




More information about the cryptography mailing list