jm + visa   5

3D Secure and Verified By Visa to be canned
Yay.
Mastercard and Visa are removing the need for users to enter their passwords for identity confirmation as part of a revamp of the existing (oft-criticised) 3-D Secure scheme.
The arrival of 3D Secure 2.0 next year will see the credit card giants moving away from the existing system of secondary static passwords to authorise online purchases, as applied by Verified by Visa and MasterCard SecureCode, towards a next-gen system based on more secure biometric and token-based prompts.


(via Gordon)
via:gsyme  verified-by-visa  3d-secure  mastercard  visa  credit-cards  authentication  authorization  win  passwords 
november 2014 by jm
IPSO representative trivialising impact of the Loyaltybuild data breach
A very worrying quote from Una Dillon of the Irish Payment Services Organisation in regard to the Loyaltybuild incident:
“I wouldn’t be overly concerned if one of my cards was caught up in this,” Dillon says. “Even in the worst-case scenario – one in which my card was used fraudulently – my card provider will refund me everything that is taken”.


This reflects a deep lack of understanding of (a) how identity fraud works, and (b) how card-fraud refunds in Ireland appear to work.

(a): Direct misuse of credit card data is not always the result. Fraudsters may prefer to instead obtain separate credit through identity theft, ie. using other personal identifying data.

(b): Visa debit cards have no credit limit -- your bank account can be cleared out in its entirety, and refunds can take a long time. For instance, http://www.askaboutmoney.com/showthread.php?t=174482 describes several cases, including one customer who waited 21 days for a refund.

All in all it's trivialising a major risk for consumers. As I understand it, a separate statement from IPSO recommended that all customers of Loyaltybuild schemes need to monitor their bank accounts daily to keep an eye out for fraud, which is pretty absurd. Not impressive at all.
loyaltybuild  ipso  money  cards  credit-cards  visa  debit-cards  payment  fraud  identity-theft  ireland 
november 2013 by jm
Verified by Visa and MasterCard SecureCode kill 10-12% of your business
As Chris Shiflett noted: not only are they bad for security, they're bad for business too.
12 percent of users consider abandoning [an online shopping transaction] when they see either the Verified by Visa or the American Express SafeKey logos, while 10 percent will consider abandoning when the see the MasterCard Secure card logo.
ecommerce  vbv  online-shopping  mastercard  visa  securecode  security  fail 
june 2013 by jm
Spammers Are Now Using Verified By Visa
Visa's atrociously-designed "security" program is now being used by criminals to process their credit-card payments, allegedly
verified-by-visa  spam  visa  security  from delicious
february 2011 by jm
Ross Anderson and Steven J Murdoch rip into Verified By VISA
'this is yet another case where security economics trumps security engineering, but in a predatory way that leaves cardholders less secure.'
verified-by-visa  security  phishing  web  banks  banking  money  authentication  finance  visa  3dsecure  papers  from delicious
february 2010 by jm

Copy this bookmark:



description:


tags: