LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

This is strange...

This is strange...

Posted Dec 10, 2011 15:16 UTC (Sat) by corbet (editor, #1)
In reply to: This is strange... by khim
Parent article: Google Authenticator for multi-factor authentication

Our experience as a credit card merchant suggests that banks differ widely in the practices they apply. For a lot of them, if you have a number, that's all they care about. We routinely get emails from people who realize they put in the wrong name or expiration date, but the charges go through just fine. Other banks insist on correct address information and will turn down charges because they don't like the position of the moon that night.

(Log in to post comments)

expiration date in credit card authentication

Posted Dec 10, 2011 18:02 UTC (Sat) by giraffedata (subscriber, #1954) [Link]

It doesn't surprise me that for some charges the expiration date has to be right. There's a lot of diversity in this area.

But I know that traditionally, the expiration date wasn't part of authentication. When I did it, it was in 1999 using a traditional merchant credit card terminal.

Banking computing standards often take a decade to make even a trivial change because regulators are very careful. I'm pretty sure that this terminal wasn't even capable of transmitting the expiration date I typed to its partner.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds