| Friday April 25th 2014

Feedburner

Subscribe by email:

We promise not to spam/sell you.


Search Amazon deals:

Verified by Visa: British banks phish their own customers


Security expert Ben Laurie has a scorching indictment of the “Verified by Visa” program used by British banks. This system is basically the perfect system for phishers and identity thieves, and conditions honest people to behave in foolish ways that leave them vulnerable to having their life’s saving taken off of them.

Verified by VISA“Frame inline displays the VbV authentication page in the merchant’s main window with the merchant’s header. Therefore, VbV is seen as a natural part of the purchase process. It is recommended that the top frame include the merchant’s standard branding in a short and concise manner and keep the cardholder within the same look and feel of the checkout process.”Or, in other words: Please ensure that there is absolutely no way for your customer to know whether we are showing the form or you are. In fact, please train your customer to give their “Verified by Visa” password to anyone who asks for it.

Craziness. But it gets better – obviously not everyone is pre-enrolled in this stupid scheme, so they also allow for enrolment using the same inline scheme. Now the phishers have the opportunity to also get information that will allow them to identify themselves to the bank as you. Yes, Visa have provided a very nicely tailored and packaged identity theft scheme. But, best of all, rather like Chip and PIN, they push all blame for their failures on to the customer

Source

Related Posts: On this day...

Leave a Reply

You must be logged in to post a comment.