Quote:
Originally Posted by madawgz
all its doing is apparently generating a new cvv2 number on the back, which is longer than the normal 3 digits
|
This is added extra, it's not replacing the cvv2.
The random number generator is simply an algorithm and it is intitialised with a secret code. This means the bank can set the secret prior to sending you your card and then keep their algorithm (on their server) in sync with yours.
That somebody would somehow break this algorithm is misplaced as their are internatioanlly recognised algorithms accepted and tested by the community/academics/NSA that cant be cracked within the lifetime of the universe using current computers.
A man in the middle attack would be a possibility but not in the presence of SSL which is being checked by the browser.
If this is a one time code then a man in the middle attack would only grab a code that can be used once and probably for a limited period of time or not at all if your transaction has gone through. This seerely limits the exposure of your card as the static card number is not being used to authorise a transaction.
All in all this idea is a good one that will protect consumers and make them more confortable using a creditcard to purchase online and feel safe doing so.