[Cryptography] French credit card has time-varying PIN
John Levine
johnl at iecc.com
Tue Oct 4 13:14:09 EDT 2016
>Well, guess what: problem not solved. Why? Because criminals will trivially adapt to the new circumstances. It?s just not that hard for phishers to
>set up a distribution channel with latency measured in seconds rather than days. The only reason they haven?t done it so far is that it hasn?t been
>necessary. If it becomes necessary, they will do it. This is their livelihood after all.
People who know a lot more than me about this tell me that finding
mules to cash out is the chokepoint in credit card fraud. You can buy
a gazillion "fullz" with name, address, card number and CVV, for like
a dollar apiece, because they are so hard to monetize.
They will certainly adapt to some degree, but this appears to be a
place where it'll be hard.
R's,
John
More information about the cryptography
mailing list