AWS payment-cryptography documentation change
Summary
Updated example parameters for CSC2 generation/validation (service code, expiration date format, and usage notes)
Security assessment
Corrects example command parameters and adds contextual notes (e.g., valid service codes). While this improves accuracy, there is no evidence it addresses a security vulnerability.
Diff
diff --git a/payment-cryptography/latest/userguide/use-cases-issuers.networkfunctions.amex.md b/payment-cryptography/latest/userguide/use-cases-issuers.networkfunctions.amex.md index 335592a99..2880fb3b6 100644 --- a//payment-cryptography/latest/userguide/use-cases-issuers.networkfunctions.amex.md +++ b//payment-cryptography/latest/userguide/use-cases-issuers.networkfunctions.amex.md @@ -95 +95 @@ If AWS Payment Cryptography is able to validate, an http/200 is returned. If the -CSC Version 2 is also known as the Enhanced CSC Algorithm. The service can provide it as a 3,4 or 5 digit number. +CSC Version 2 is also known as the Enhanced CSC Algorithm. The service can provide it as a 3,4 or 5 digit number. The service code for CSC2 is typically 000. @@ -102 +102 @@ For all available parameters see [AmexCardSecurityCodeVersion2](https://docs.aws - $ aws payment-cryptography create-key --exportable --key-attributes KeyAlgorithm=TDES_2KEY,KeyUsage=TR31_C0_CARD_VERIFICATION_KEY,KeyClass=SYMMETRIC_KEY,KeyModesOfUse='{Generate=true,Verify=true}' --tags='[{"Key":"KEY_PURPOSE","Value":"CSC1"},{"Key":"CARD_BIN","Value":"12345678"}]' + $ aws payment-cryptography create-key --exportable --key-attributes KeyAlgorithm=TDES_2KEY,KeyUsage=TR31_C0_CARD_VERIFICATION_KEY,KeyClass=SYMMETRIC_KEY,KeyModesOfUse='{Generate=true,Verify=true}' --tags='[{"Key":"KEY_PURPOSE","Value":"CSC2"},{"Key":"CARD_BIN","Value":"12345678"}]' @@ -141 +141 @@ Take note of the `KeyArn` that represents the key, for example _arn:aws:payment- -In this example, we will generate a CSC2 with a length of 4. CSC can be generated with a length of 3,4 or 5. For American Express, PANs should be 15 digits and start with 34 or 37. +In this example, we will generate a CSC2 with a length of 4. CSC can be generated with a length of 3,4 or 5. For American Express, PANs should be 15 digits and start with 34 or 37. Expiration date is typically formatted as YYMM. Service code may vary - review your manual but typical values are 000, 201 or 702 @@ -144 +144 @@ In this example, we will generate a CSC2 with a length of 4. CSC can be generate - $ aws payment-cryptography-data generate-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2::key/erlm445qvunmvoda --primary-account-number=344131234567848 --generation-attributes AmexCardSecurityCodeVersion2='{CardExpiryDate=1224,ServiceCode=999}' --validation-data-length 4 + $ aws payment-cryptography-data generate-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2::key/erlm445qvunmvoda --primary-account-number=344131234567848 --generation-attributes AmexCardSecurityCodeVersion2='{CardExpiryDate=2412,ServiceCode=000}' --validation-data-length 4 @@ -160 +160 @@ If AWS Payment Cryptography is able to validate, an http/200 is returned. If the - $ aws payment-cryptography-data verify-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2::key/erlm445qvunmvoda --primary-account-number=344131234567848 --verification-attributes AmexCardSecurityCodeVersion2='{CardExpiryDate=1224,ServiceCode=999}' --validation-data 3982 + $ aws payment-cryptography-data verify-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2::key/erlm445qvunmvoda --primary-account-number=344131234567848 --verification-attributes AmexCardSecurityCodeVersion2='{CardExpiryDate=2412,ServiceCode=000}' --validation-data 3982