[Cryptography] French credit card has time-varying PIN
Theodore Ts'o
tytso at mit.edu
Tue Oct 4 00:19:07 EDT 2016
On Mon, Oct 03, 2016 at 11:44:03PM -0000, John Levine wrote:
>
> It's the CVV, purely intended for card-not-present.
>
> If the CVV changes every hour, and you allow one slot of slop for someone who
> places an order just before the number changes, that still makes it 500-1 to
> guess the right number, which seems pretty unfavorable for bad guys.
I suspect that even changing the CVV once a day (generated from the
hash of a secret plus the date) would be useful from an anti-fraud
perspective.
- Ted
More information about the cryptography
mailing list