Reply to post: Luhn Check to Retrieve card details

TalkTalk downplays extent of breach damage, gives extra details

Simon Davidson

Luhn Check to Retrieve card details

I don't understand how they say credit card details are safe if they have only masked 6 digits. It would be relatively trivial to work out valid remaining numbers by simple Luhn checking. Find a particular card that has relatively few valid Luhn options (using the existing details) and reverse the encryption based on that. I believe PCI-DSS should be much more restrictive than it currently is and not allow masked details to be included in the same detail as the encrypted card number as you are basically making breaking the encryption easier.
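
How much uncertainty a six-digit mask actually leaves can be measured directly. The following is an added example, not part of the original comment: it counts the Luhn-valid numbers that fit a masked card number without enumerating them. The 16-digit length, the mask layout and the sample number are constructed assumptions.

```python
import math

MASK = "*"  # placeholder character for a hidden digit (assumption)


def luhn_valid(pan: str) -> bool:
    """Standard Luhn check over a string of decimal digits."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def count_luhn_completions(masked: str) -> int:
    """Count the ways to fill the masked digits so the number passes Luhn.

    Dynamic programming over the running checksum modulo 10, so the cost
    is linear in the length instead of 10**k for k masked digits.
    """
    ways = [1] + [0] * 9        # ways[r] = fillings so far with checksum r
    for i, ch in enumerate(reversed(masked)):
        digits = range(10) if ch == MASK else [int(ch)]
        nxt = [0] * 10
        for d in digits:
            c = d
            if i % 2 == 1:
                c = d * 2 - 9 if d > 4 else d * 2
            for r in range(10):
                nxt[(r + c) % 10] += ways[r]
        ways = nxt
    return ways[0]


def residual_bits(masked: str) -> float:
    """Remaining uncertainty, in bits, about the full number."""
    n = count_luhn_completions(masked)
    return math.log2(n) if n else 0.0


if __name__ == "__main__":
    sample = "411111******1111"  # constructed sample built from a test number
    print(count_luhn_completions(sample), round(residual_bits(sample), 2))
```

Because the doubling step maps the ten digits onto the ten digits one-to-one, Luhn removes exactly a factor of ten however the mask is laid out: six hidden digits leave 100,000 candidates, about 16.6 bits.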
