Jack,

Cardholder authentication and payment authorization are not within the scope of 3D-Secure, so I still don't see how these tokens matter at all in the context of 3D-Secure.
While there might be some issuers opting to use hashed passwords (i.e. MD5), most use passwords over SSL. If you are referring to CAVV as being similar to the tokens described in '682, I disagree.

Best,
Don Park