Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

Journal of nicholas (3034)

Tuesday January 26, 2010
11:27 AM

Phished by Visa/3D insecure

[ #40131 ]

Steven Murdoch and Ross Anderson systematically demolish 3D secure/Verified by Visa. Shame that the banks don't employ the smart people, just the security researchers and the malware authors.

Meanwhile, at work, we continue to love the banks. Such as a large UK bank who will authorise a Euro transaction on Maestro (which must have been with 3DS/VbV) yet only reject it at settlement time because you can only use (UK) Maestro in sterling. Another authorised a card, but then rejected it at settlement because it was Electron rather than Visa Debit, and that merchant wasn't allowed to accept Electron. I'd love to be big enough to have the clout to tell banks "if you authorise it, the only reason to subsequently refuse to settle it is because it was reported as missing/fraudulent in the meantime. Otherwise, you honour your authorisation", and bear the cost of (fixing) your own bugs.

And the coda on the second one - said large UK bank then admitted that its own binranges had an error. If the banks can't get that right, what hope has anyone else?

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.