[Cryptography] French credit card has time-varying PIN

[John Levine]

>Well, guess what: problem not solved.  Why?  Because criminals will trivially adapt to the new circumstances.  It?s just not that hard for phishers to
>set up a distribution channel with latency measured in seconds rather than days.  The only reason they haven?t done it so far is that it hasn?t been
>necessary.  If it becomes necessary, they will do it.  This is their livelihood after all.

People who know a lot more than me about this tell me that finding
mules to cash out is the chokepoint in credit card fraud.  You can buy
a gazillion "fullz" with name, address, card number and CVV, for like
a dollar apiece, because they are so hard to monetize.

They will certainly adapt to some degree, but this appears to be a
place where it'll be hard.

R's,
John