CC shared secret
Roland Perry
ukcrypto at chiark.greenend.org.uk
Wed, 6 Aug 2008 19:55:48 +0100
In article <op.ufg59xsy6hl8nm@clerew.man.ac.uk>, Charles Lindsey
<chl@clerew.man.ac.uk> writes
>Your passwprd, secret, etc never go through the merchant's site, and
>you do not have to disclose the magic number on the back of the card.
But to go back to my original question, presumably you *are* disclosing
it to CYOCOTA, and maybe they have a copy of everyone's secret so they
can check they match. Or does CYOCTA contact each cardholder's bank in
real time with a copy of the secret asking "does this match"? And
hopefully throwing away its copy of the shared secret afterwards.
--
Roland Perry