GR-6.3.12
(a) no information on any of the elements of the strong customer authentication can be derived from the disclosure of the authentication code;
(b) it is not possible to generate a new authentication code based on the knowledge of any other code previously generated; and
(c) the authentication code cannot be forged.
Added: April 2019