CC shared secret
John Lamb
ukcrypto at chiark.greenend.org.uk
Tue, 12 Aug 2008 13:26:49 +0100
On Fri, Aug 08, 2008 at 02:35:13PM +0100, Igor Mozolevsky wrote:
> Displaying relevant bank logo is simple, you just need to do a BIN
> lookup, whereas masquerading as a part of someone else's domain is a
> lot more difficult, especially if EV certs are involved. Incidentally,
> is it an EV cert that CYOTA, et al present or is it a plain cert,
> does anyone know (none of my CC cards are 3d obscured)?
I don't have a Mastercard, but I know Verified by Visa sends you to the
generically named securesuite.co.uk, owned by CYOTA INC. The cert is
not EV. Perhaps they will upgrade when it expires in October.
This is Nationwide's help page hosted on their site:
https://www.securesuite.co.uk/nationwide/tdsecure/help.jsp
The Demo part of the FAQ is reassuring - note the pop up VbV window with
no address bar or padlock visible!
https://www.securesuite.co.uk/nationwide/docs/demo.jsp
Also, to add to your feeling of confidence in the site,
http://www.securesuite.co.uk/ doesn't load and
https://www.securesuite.co.uk/ returns an empty page.
Maybe this is why googling for it turns up lots of people concerned they
are being phished.
A bit of googling and URL guessing turns up some other banks on it:
https://www.securesuite.co.uk/mbnabusiness/docs/demo.jsp
https://www.securesuite.co.uk/rbs/docs/demo.jsp
https://www.securesuite.co.uk/natwest/docs/demo.jsp
Plus a special commendation for HBOS and their flash demo:
https://www.securesuite.co.uk/hbos/docs/demo.jsp
And the FAQ pages make some interesting browser recommendations:
https://www.securesuite.co.uk/hbos/docs/faq.jsp#General_questions7
> Halifax Secure requires the use of Windows Microsoft® Internet
> Explorer 5.5, 6.0 and 7.0, Windows Netscape® 7.1 and 7.2, Windows AOL®
> 9, Windows Firefox® 1.0 and Macintosh Safari®.
https://www.securesuite.co.uk/nationwide/docs/faq.jsp#General_Questions5
> In order to get the most out of the Verified by Visa (VbV) Service.
> Visa recommend the following browsers: IE 7.0, IE 6.0, FireFox
> 2.0.0.2, FireFox 1.5, AOL9 and MAC-Safari 2.0.4.. VbV will work with
> the following browsers, but some of the information may not display
> correctly: FireFox 1.0.2, IE 5.5, NS 7.2, MAC Safari 1.3 and NS 8.1.2.