[Cryptography] French credit card has time-varying PIN

Ray Dillinger bear at sonic.net
Wed Oct 5 15:07:13 EDT 2016



On 10/04/2016 08:58 PM, Peter Gutmann wrote:

> The trick in trying to make something secure is to find the
> component that can't be solved/overrun with technology, cashing out cards is a
> prime example of this.

I do not believe this is necessarily true.  There are any number
of online outlets from which a 'bot can place an order instantly.
In some future iteration of the security arms race, we're going
to see scripted attacks which do exactly that.  And then automated
stolen-card marketplaces on the other side of the net where card
information is brokered by bots in seconds rather than by humans
in hours, not unlike the automatic systems for trading stocks.

Just because it's harder and riskier than what they're doing
today, doesn't mean the price (in effort and risk) can't be
driven that high in a scarcity market once the easy pickings
are gone.  But I really like the idea of a scarcity market;
high prices in effort and risk mean a much lower demand volume.

> In addition there's the outrunning-the-bear issue, you don't have to stop
> every single possible attack, you just have to be more secure than everyone
> else.  

Indeed.  This system is at least three orders of magnitude
better than what's out there now; crooks won't try to cope
with it until the easy pickings are getting scarce and the
cost in effort and risk meets a much higher demand curve.

				Bear

