|
| notwedtm wrote:
| From my understanding CVV/CVCs are a function of the PAN, expiry,
| and some DES encryption. Does this mean that the target bank had
| a weak DES key or was some other vulnerability discovered?
| gus_massa wrote:
| My guess is that he discovered a method to break the Luhn check
| https://en.wikipedia.org/wiki/Luhn_algorithm that is not a
| strong check. It's only useful to avoid typos. That's probably
| enough to make the "send" button happy.
|
| I guess he didn't discover how to break the secret code of the
| card, and the transactions were flagged by the server
| immediately. Some servers flag the card secretly, so credit
| card thieves have more problems to validate the stolen cards.
|
| The press article claims it was something impressive, but my
| guess is that it's just a bad report by the police or by the
| journalists.
| dataflow wrote:
| I don't think it's like that? At least in the US, you can have
| literally the same card number, expiry, and name, with only the
| CVC being different.
| ankaAr wrote:
| A newspaper vendor from Buenos Aires, Argentina,has been captured
| for credit card fraud with thousands of them.
|
| News and police claimed that he developed an algorithm, to
| calculate, by hand, valid credit cards numbers and codes.
|
| Ps: his last name is Falsetti, false.. etti
|
| Edit: I don't know where is the URL, I will add that here (in
| Spanish).
|
| https://www.lanacion.com.ar/seguridad/falsetti-el-estafador-...
| gus_massa wrote:
| Autotranslation: https://www-lanacion-com-
| ar.translate.goog/seguridad/falsett...
|
| I read it this morning and was very surprised. Is this just
| some congruence modulo a big number? Is this check well known
| and the police/newspaper is overhyping then discovery?
|
| (If it's so secret and powerful, why are they publishing a
| photo of the method?)
___________________________________________________________________
(page generated 2022-05-20 23:00 UTC) |