1 comment

[ 3.6 ms ] story [ 15.4 ms ] thread
The CVV and CVV2 are generated from the PAN, IIN, Expiration Date, and encrypts that value with 3DES and a key specific to that run of cards.

Is this at all correct? The article doesn't give a source, so does anyone have a citation?