Insecure verification

February 1st, 2010

Ross Anderson on how the banks and credit card companies have pulled a fast one by pushing customers to use the 3D Secure system to 'protect' their online purchases:

Online transactions with credit cards or debit cards are increasingly verified using the 3D Secure system, which is branded as "Verified by VISA" and "MasterCard SecureCode". This is now the most widely-used single sign-on scheme ever, with over 200 million cardholders registered. It's getting hard to shop online without being forced to use it. In a paper I'm presenting today at Financial Cryptography, Steven Murdoch and I analyse 3D Secure. From the engineering point of view, it does just about everything wrong, and it's becoming a fat target for phishing. So why did it succeed in the marketplace? [...]

Surprisingly enough, it's got very little to do with security and a great deal to do with shifting liability for losses onto customers.

[Via Bruce Schneier]

Tags for this entry banking, commerce, money

This entry was posted on Monday, February 1st, 2010 at 23:17. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.

Sore
Eyes

Search

Set default text size

Related posts

Recent posts

Recent Comments

Gordon: Agreed. Adoresabubbles!!
John: I’ve a feeling that between the various...
Fergalod: In Northern Ireland we use “mizzle”...
John: In the final (non-quantitative) analysis,...
Darren: Robert X. Cringely said something similar in his...
John: No problem.
Burt Kocain: Just a line to say thanks for your blog,...
John: It’s been so long since I read anything about...
Dan Hon: I remain slightly excited about Elysium, Neil...
John: I see the logic of saying goodbye to the Ponds...

Recent listening

Tags

academia actors Administrivia adverts aerobatics afghanistan africa aircraft alternate history amazon american football amphibians anglicanism animals animation animatronics anonymity antarctica anthropology ants apple april fool archaeology architecture arctic art astronomy atheism athletics australia autism automation azerbaijan backups bacon bad science banking bbc belarus belgium biology birds bookmarklet books brazil breeding broadcasting buildings bureaucracy burning man buses business cake calendars canada cars cartoons catholicism cats celebrities cephalopods charity chemistry chess children chile china christianity circus cities climbing clock clothing cold war colonialism comics commerce computers conservation cornwall countryside cover art cover versions crafts creative commons cricket crime css culture currency cute dance dark patterns data protection data recovery death demographics denmark design dinosaurs diplomacy disarmament disney dna doctor who dogs dr seuss dubai ebay eccentrics economics education egypt employment encryption engineering english environment espionage europe evangelical evolution exams excel exoplanets eyesight facial hair family fantasy fashion fiction Film Film, TV, Music Film/TV/Music finland fire fish flags fonts food football forecasting formula1 fossils france fraud fundraising funerals furniture game of thrones Games gaming geekery General genetics geography geology germany giraffe globalisation goatse goldfish google gopher government grammar greenland guns halloween hardware health higher education history holland hong kong horror hotels house of lords housing hubble space telescope hugging Humour ice iceland india industrial archaeology infographics infrastructure insects intellectual property internet Internet/Tech interview investment iplayer iran iraq ireland israel iss italy itunes japan jargon jewellery journalism juggling jupiter justice kickstarter kindle language last.fm law layer tennis lego libel libraries linux literature logistics logos london long now lost luck mac os x magazines manchester map marketing mars mashups mathematics medicine meta meteorology microsoft military mimas Misc monarchy money muppets music mythology namibia nasa nature neptune Net culture networking newcastle news newspaper new york city new zealand nicaragua northern ireland north korea nostalgia nuclear power numbers obituary oceans olympics Online Comics online culture optical illusion oscars outsourcing pakistan panama pandemic parenthood parody patronage penguins pets phobos phone hacking photography physics physiology Pictures pixar plumbing pluto podcasts poland police Politics pollution population predictions presentation prisons privacy privatisation profiles programming propaganda psa psychology public relations punctuation puppet quiz quotations radio referendum religion remakes reptiles republicanism reviews riaa robots rock & roll romania royal mail rugby union running russia saturn saudi arabia scandal Science scotland seborga secrecy security sedna sex sexism sharks ships sigfile! sinclair singularity sky slavery sleep slingshot slovenia social networking Software sound south africa south pacific soviet union space spain Speculative Fiction spelling spiders Splitters! sport spreadsheets squash sri lanka stalking star trek star wars stationery statistics storytelling stupidity super-rich superheroes surfing surveillance state sweden sweets switzerland t-shirt tablet computing Technology theatre the moon time tourism toys trains turkey TV twitter typo u2 UFOs uk unix Untitled urban life usa usenet user interface vegetarianism venus video vietnam vigilantes volcano war war on terror water weather web webcam webcomics weblogging weird welfare state wikileaks wildlife windfarms windows wine world war 1 world war 2 wrestling writing wtf yemen youtube yugoslavia zebra zimbabwe zionism zombies

Archives

Pre-November 2002 entries...