On cryptographic properties of the $CVV$ and $PVV$ parameters generation procedures in payment systems

Two important mechanisms to provide security of payment systems are the checks made with parameters $CVV$ and $PVV$. In the current paper the provable security approach is exploited to analyze the two-pass decimalization procedure used, for example, by VISA. It is shown that the standard method of upper estimating the insecurity does not allow to claim security of this procedure since it provides not very good bounds for probabilistic characteristics of practical parameters. Therefore this procedure is not recommended to be used in the MIR payment system. We propose a simple procedure as a replacement that turns out to be much more secure.