Security expert Ben Laurie has a scorching indictment of the “Verified by Visa” program used by British banks. The system is basically ideal for phishers and identity thieves, and it conditions honest people to behave in foolish ways that leave them vulnerable to having their life’s savings taken from them.
“Frame inline displays the VbV authentication page in the merchant’s main window with the merchant’s header. Therefore, VbV is seen as a natural part of the purchase process. It is recommended that the top frame include the merchant’s standard branding in a short and concise manner and keep the cardholder within the same look and feel of the checkout process.”
Or, in other words: Please ensure that there is absolutely no way for your customer to know whether we are showing the form or you are. In fact, please train your customer to give their “Verified by Visa” password to anyone who asks for it.
Craziness. But it gets better – obviously not everyone is pre-enrolled in this stupid scheme, so they also allow for enrolment using the same inline scheme. Now the phishers have the opportunity to also get information that will allow them to identify themselves to the bank as you. Yes, Visa have provided a very nicely tailored and packaged identity theft scheme. But, best of all, rather like Chip and PIN, they push all blame for their failures on to the customer