UK Finance (uk.finance): Discussion about Finance issues in the UK.
Tags: secure

#1

Some researchers at Cambridge University say that Verified by Visa and Mastercard Secure Code have security problems.

http://www.pcworld.idg.com.au/article/334105
http://www.cl.cam.ac.uk/~rja14/Paper...securecode.pdf

There's nothing new here for anyone who has been following this group, but it is still an interesting read.

#2

"Jonathan Bryce" wrote in message ...
> Some researchers at Cambridge University say that Verified by Visa and Mastercard Secure Code have security problems.
>
> http://www.pcworld.idg.com.au/article/334105
> http://www.cl.cam.ac.uk/~rja14/Paper...securecode.pdf
>
> There's nothing new here for anyone who has been following this group, but it is still an interesting read.

Yes, interesting that the author of the latter works for Cronto, who are trying to flog an alternative transaction verification system - http://www.cronto.com/

There seem to be a lot of theoretical scenarios where customers could be defrauded and not get their money back, but how many times has this actually happened in the real world and is it any worse than before?

It was just the same when cash machines first came out, credit cards, online banking, chip & pin etc.

--
Andy

#3

Jonathan Bryce wrote:
> Some researchers at Cambridge University say that Verified by Visa and Mastercard Secure Code have security problems.
>
> There's nothing new here for anyone who has been following this group, but it is still an interesting read.

And they make the common assumption that vendors/card processor using this system actually serve the form from Cyota. Many of them don't, or at least didn't, including major card processors, and British Gas. They copy the form into their own page, and go man in the middle on the outbound leg.

#4

Bitstring , from the wonderful person Postman Pat said
> Anyway, even when it works, it fails to recognise my password, so I go for the "not yet enrolled" option and knock up a pwd there and then. They have dozens of passwords for me now, and I am sure I am not alone.

Me too, mostly caused by the fact that my wife and I had joint cards and she could never remember the password I used, nor I the one she set (assuming even she could remember it).

The Mastercard version, whatever it is called, doesn't seem to understand the concept of two different users with same card number (which I guess is Capital One's fault ... most other card issuers give secondary card a different number).

--
GSV Three Minds in a Can
16,110 Km walked. 2,937 Km PROWs surveyed. 53.1% complete.

#5

On Jan 30, 8:06 pm, "Andy Pandy" wrote:
> "Jonathan Bryce" wrote in message ...
>> Some researchers at Cambridge University say that Verified by Visa and Mastercard Secure Code have security problems.
>>
>> http://www.pcworld.idg.com.au/article/334105
>> http://www.cl.cam.ac.uk/~rja14/Paper...securecode.pdf
>>
>> There's nothing new here for anyone who has been following this group, but it is still an interesting read.
>
> Yes, interesting that the author of the latter works for Cronto, who are trying to flog an alternative transaction verification system - http://www.cronto.com/
>
> There seem to be a lot of theoretical scenarios where customers could be defrauded and not get their money back, but how many times has this actually happened in the real world and is it any worse than before?
>
> It was just the same when cash machines first came out, credit cards, online banking, chip & pin etc.

You don't need to worry, because banks are fine institutions and they are always the first to admit to their mistakes and to refund monies wrongly taken from their customers' accounts and they would never dream of prosecuting a customer for complaining about phantom withdrawals.

#6

On Jan 31, 7:50 am, Postman Pat wrote:
> David Woolley wrote
>> Jonathan Bryce wrote:
>>> Some researchers at Cambridge University say that Verified by Visa and Mastercard Secure Code have security problems.
>>>
>>> There's nothing new here for anyone who has been following this group, but it is still an interesting read.
>>
>> And they make the common assumption that vendors/card processor using this system actually serve the form from Cyota. Many of them don't, or at least didn't, including major card processors, and British Gas. They copy the form into their own page, and go man in the middle on the outbound leg.
>
> VBV is a PITA. I use Firefox with the No-script plug-in and VBV usually fails due to the way it is implemented.
>
> Anyway, even when it works, it fails to recognise my password, so I go for the "not yet enrolled" option and knock up a pwd there and then. They have dozens of passwords for me now, and I am sure I am not alone.

I was able to reset my password using my birthdate but I was shocked to learn that in some cases even that's not required. The best strategy is then to set up a new password each time, since a thief could have set up the new password as well.

#7

"S" wrote in message ...
>>> Some researchers at Cambridge University say that Verified by Visa and Mastercard Secure Code have security problems.
>>>
>>> http://www.pcworld.idg.com.au/article/334105
>>> http://www.cl.cam.ac.uk/~rja14/Paper...securecode.pdf
>>>
>>> There's nothing new here for anyone who has been following this group, but it is still an interesting read.
>>
>> Yes, interesting that the author of the latter works for Cronto, who are trying to flog an alternative transaction verification system - http://www.cronto.com/
>>
>> There seem to be a lot of theoretical scenarios where customers could be defrauded and not get their money back, but how many times has this actually happened in the real world and is it any worse than before?
>>
>> It was just the same when cash machines first came out, credit cards, online banking, chip & pin etc.
>
> You don't need to worry, because banks are fine institutions and they are always the first to admit to their mistakes and to refund monies wrongly taken from their customers' accounts and they would never dream of prosecuting a customer for complaining about phantom withdrawals.

Nah, they're all *******s - don't trust them. Insist on getting paid in cash and shove it all under the mattress. Much safer.

--
Andy

#8

"GSV Three Minds in a Can" wrote in message ...
> Bitstring , from the wonderful person Postman Pat said
>> Anyway, even when it works, it fails to recognise my password, so I go for the "not yet enrolled" option and knock up a pwd there and then. They have dozens of passwords for me now, and I am sure I am not alone.
>
> Me too, mostly caused by the fact that my wife and I had joint cards and she could never remember the password I used, nor I the one she set (assuming even she could remember it).

I might be missing something - but WTF is the point of VBV if you can simply set up a new password each time? I thought the idea was you registered a password against a card and you could then only use that card for online purchases with that password.

Only one of my cards has insisted on me registering, I've not used it since the initial registration.

--
Andy