FYI: Trusted Reviews | Visa Revamps Humble Credit Card.

Charles Lindsey ukcrypto at chiark.greenend.org.uk
Wed, 12 Nov 2008 17:58:34 -0000


On Wed, 12 Nov 2008 14:37:00 -0000, Paul Vigay <ukcrypto@vigay.com> wrote:

> But presumably the security is only as strong as the weakest link in the
> chain. Even though it generates a one-time security code, if the PIN is
> compromised, then a hacker could generate the one-time security code too.
>
Only if he has physical possession of the card too.

But I am a little curious as to how the one-time code is generated.

With the little gizmo that Natwest gives me for my online banking, they  
give you a challenge which you type into the gizmo, and it gives you back  
the security code.

But this seems to rely on some purely internal mechanism to generate the  
next in some pseudo-random sequence, so how does Visa know whereabouts in  
the sequence your card is? Note that you may inadvertently generate extra  
codes, so it is not a matter of keeping track of which code you used with  
a merchant last time.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                       Web: http://www.cs.man.ac.uk/~chl
Email: chl@clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
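
On the question above of how a verifier can know where in the sequence a card is: the following is an added example, not part of the original post, and not a description of the Visa card or the NatWest device, whose mechanisms the post does not specify. It assumes the standard counter-based scheme from RFC 4226 (HOTP), in which the server accepts any code within a look-ahead window past its own counter and then resynchronises; the `Verifier` class, the window size and the key (the RFC's published test key) are illustrative assumptions.

```python
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Server side (hypothetical): stores the shared key and the next expected counter."""

    def __init__(self, key: bytes, window: int = 5):
        self.key = key
        self.counter = 0      # next counter value the server will accept
        self.window = window  # how many values ahead of that it will also try

    def verify(self, code: str) -> bool:
        # Try the expected counter and the next few, in case the card holder
        # generated codes that were never submitted.
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.key, c), code):
                # Resynchronise: skip past the accepted value so neither it
                # nor any earlier code can be used again.
                self.counter = c + 1
                return True
        return False


if __name__ == "__main__":
    key = b"12345678901234567890"  # RFC 4226 test key, not a real secret
    server = Verifier(key)
    # Card side (constructed scenario): codes 0 and 1 are generated but
    # thrown away; only the third code is typed in.
    used = [hotp(key, n) for n in range(3)][-1]
    print("third code accepted:", server.verify(used))
    print("same code replayed: ", server.verify(used))
    print("server counter now: ", server.counter)
```

The window is a trade-off: a wider one tolerates more accidental button presses but gives a guesser more valid codes per attempt, so it is normally paired with an attempt limit.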