CVV numbers

• Previous message (by thread): CVV numbers
• Next message (by thread): CVV numbers
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 9 June 2012 22:42, Scott Howard <scott at doc.net.au> wrote:

> There is no way to "derive" the CVV2 number.  It is little more than a
> random number assigned to the card.
> [...]
> It is verified by comparing it to the known CVV2 number stored by the
> credit card company/bank that issued the card.
>
>
I don't think this is correct - I believe the Wikipedia entry is accurate:

---snip---
CVC1, CVV1, CVC2 and CVV2 values are generated when the card is issued. The
values are calculated by encrypting the bank card number (also known as the
primary account number or PAN), expiration date and service code with
encryption keys (often called Card Verification Key or CVK) known only to
the issuing bank, and decimalising the result
---snip---
http://en.wikipedia.org/wiki/Cvv2


I suspect the issuing banks can share their CVKs with the card scheme
operators (Visa, MC, Amex) if they want them to validate transactions on
their behalf.

Aled

• Previous message (by thread): CVV numbers
• Next message (by thread): CVV numbers
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]