Re: credit card conventional wisdom
There is in fact a distinction between "card present" and "card not present" transactions. AMEX cards for example have an extra group of four digits which are not part of the embossed card number. They are used as additional verification to prove that a card is present.
So the run-it-through-the-mechanical-device is treated as card not present? /r$
For AMEX, it apears not! Or at least there is a requirement for the assistant to enter the extra four digits in certain cases. The precise nature of the circumstance when they are required to be card present I am not sure (in fact I would bet they vary). There is no reason why the magnetic strip should necessarily be considered to be card present. It is easy enough to forge, readers need not be attended (eg petrol pumps). I'm not sure on the exact rules, I don't pay $80 for the privillege of having plastic! Thew main point I was responding to was the "add information to card that is not on the stripe" point of the original poster. Phill
On Tue, 14 Nov 1995, Rich Salz wrote:
There is in fact a distinction between "card present" and "card not present" transactions. AMEX cards for example have an extra group of four digits which are not part of the embossed card number. They are used as additional verification to prove that a card is present.
So the run-it-through-the-mechanical-device is treated as card not present?
No. What Phil is saying is that the magnetic strip contains an extra group of digits which are only available when the stripe is read, and not when the card is used for CNP. I can't confirm or deny this, as despite my new bosses, I still find it hard to care about credit card readers (mostly because US banks won't let me have any). Simon
No. What Phil is saying is that the magnetic strip contains an extra group of digits which are only available when the stripe is read, and not when the card is used for CNP.
The extra gigits I was refering to are the ones on the front of the card but not embossed. Credit card data formats are avaliable in an issue of phrack. There is also an article on credit card abuse "safe and esay carding by VaxBuster". VaxBuster is I believe currently living in a secured community somewhere in Texas making little ones out of big ones.l Phill PS Simon is right about Blum Blum Shub, note that there is a new PRNG avaliable called Pew, Pew, Barley, McGrew.
-----BEGIN PGP SIGNED MESSAGE-----
No. What Phil is saying is that the magnetic strip contains an extra group of digits which are only available when the stripe is read, and not when the card is used for CNP.
The extra gigits I was refering to are the ones on the front of the card but not embossed. Wow, you learn something every day. I've never in my whole life (well, my American Express life, over 15 years) noticed those four digits. I've never been asked for them by anyone, or noticed them being written down, either. Exactly when and how are they used? Greg. Greg Rose INTERNET: greg_rose@sydney.sterling.com Sterling Software VOICE: +61-2-9975 4777 FAX: +61-2-9975 2921 28 Rodborough Rd. http://www.sydney.sterling.com:8080/~ggr French's Forest 35 0A 79 7D 5E 21 8D 47 E3 53 75 66 AC FB D9 45 NSW 2086 Australia. co-mod sci.crypt.research, USENIX Director. -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAwUBMKqGSaRQkCwJ0+ZNAQEjlQQAuC4eQWHqvQCy8f07W8F7cQtTkvjq3uya s2dx3aTyRRNd/pdS3AgdK58asxJPb59xGKj/2PP/7lWahC1ghDxmHv380V5DuRNq VREIsMjxcmk/X/1NxjN5nGza1imvwj8DlQ8jEuPgk5mNkcyIiyhRuNmQnYdcJkbR nGb91Eg/+Ss= =27gx -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Oops, following up my own posting, it proves I should have been more careful... I wrote Wow, you learn something every day. I've never in my whole life (well, my American Express life, over 15 years) noticed those four digits. I've never been asked for them by anyone, or noticed them being written down, either. Exactly when and how are they used? But when I reread it I thought it sounded sarcastic. It isn't -- there really are an extra four digits printed on both my Amex cards that I'd never noticed before -- and my question is serious. Greg. Greg Rose INTERNET: greg_rose@sydney.sterling.com Sterling Software VOICE: +61-2-9975 4777 FAX: +61-2-9975 2921 28 Rodborough Rd. http://www.sydney.sterling.com:8080/~ggr French's Forest 35 0A 79 7D 5E 21 8D 47 E3 53 75 66 AC FB D9 45 NSW 2086 Australia. co-mod sci.crypt.research, USENIX Director. -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAwUBMKqhTaRQkCwJ0+ZNAQGchQQAsmID1hHpIxJzjeXpkrrNxW4IWVoQwyel 2xb5VAoam37CPLj7ic5M+TqRh+FTBEwWItr3Uv18isv3+dYC7fKCvE7YCMBvENeO xHzuNqoPiHCUnBUbFRP4U8/RO/GGdiPOo6ZlOnzOOmdzD2yDsWfPx6t6x0bVsFN+ 63G/e6EgXzs= =Xzwz -----END PGP SIGNATURE-----
participants (4)
-
Greg_Rose@sibelius.sydney.sterling.com -
hallam@w3.org -
Rich Salz -
Simon Spero