[Cryptography] French credit card has time-varying PIN
Howard Chu
hyc at symas.com
Tue Oct 4 12:03:54 EDT 2016
RB wrote:
> On Tue, Oct 4, 2016 at 1:52 AM, Howard Chu <hyc at symas.com> wrote:
>> Yep, I noticed the same. Quite annoying, so you still can't use them at e.g.
>> subway ticket kiosks and the like.
>
> Most US-issue EMV cards still have signature priority rather than PIN
> priority, and it's hard to dig through the banks' BS to figure out
> which CMV priority they set. Some will set online PIN as second
> priority, but that's relatively rare too. When I looked into this
> about 14 months ago, the only US credit issuer to do PIN primary
> (whether online or ICC) was First Tech Credit Union.
>
> I don't know how up-to-date the data is, but this [1] site was helpful
> in determining which issuers did what, and appears to have evolved
> since I last checked. YMMV, I wish this kind of data was a little more
> open and plain.
>
> [1] https://www.spotterswiki.com/emv/
>
Hey, thanks for this pointer. It got me to look into cardpeek, which reminded
me that I have a smartcard reader built into this Dell M4400 laptop that I've
never used. Until now. I was able to successfully read the CVMs of a couple of
my Visa cards. Strangely, it wasn't able to get any information from one of my
other cards.
Two of my Visa cards actually have PIN first in the priority list, but only
"If unattended cash" - e.g. kiosks and ATMs I suppose. So for an in-store
purchase with a checkout counter, it still drops into #2 "Signature (paper) -
If terminal supports the CVM"
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the cryptography
mailing list