FYI: Trusted Reviews | Visa Revamps Humble Credit Card.

Matthew Pemble ukcrypto at chiark.greenend.org.uk
Wed, 12 Nov 2008 18:45:56 +0000


James Firth wrote:
> Of course it does not solve the phishing-type attack, unless the
> authentication process starts with the entry of a code provided by the
> website, allowing the card to verify that the requestor is an authorised
> source.
>   
User authentication via any security code device is insufficient to 
defeat MITM or trojan attacks. You actually have to re-authenticate at 
the payment step and part of the crypto sequence (e.g. half of the 
challenge in the RBS / Natwest EMV implementation) needs to be relevant 
to the transaction. Otherwise "pay James Firth £10" can be munged to 
"pay Dmitry узкий морской залив £10000".

Matthew
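
An added illustration of the point in the message above (not part of the original post, and not the RBS / Natwest EMV scheme): HMAC-SHA256 stands in for the card's cryptography, and the key, nonce, account numbers and function names are all constructed assumptions. It compares a code computed over a bank challenge alone with one that also covers the payee and amount.

```python
import hashlib
import hmac

CARD_KEY = b"constructed-demo-key"  # constructed; stands in for the secret shared by card and bank


def _code(message: bytes) -> str:
    """Truncate an HMAC-SHA256 to an 8-digit code, as a hand-held device would display."""
    digest = hmac.new(CARD_KEY, message, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 100_000_000:08d}"


def login_only_code(nonce: str) -> str:
    """Code over a bank nonce alone: proves the card is present, says nothing about the payment."""
    return _code(nonce.encode())


def transaction_code(nonce: str, payee_account: str, amount_pence: int) -> str:
    """Code over the nonce plus the payee and amount the user keyed into the device."""
    return _code(f"{nonce}|{payee_account}|{amount_pence}".encode())


def bank_accepts_login_only(nonce, code, payee_account, amount_pence) -> bool:
    # Payee and amount are ignored: whatever arrives alongside a valid code is executed.
    return hmac.compare_digest(code, login_only_code(nonce))


def bank_accepts_bound(nonce, code, payee_account, amount_pence) -> bool:
    # Recompute over the transaction actually received; an altered payee or amount fails.
    return hmac.compare_digest(code, transaction_code(nonce, payee_account, amount_pence))


def demo() -> dict:
    nonce = "48213377"                          # constructed bank challenge
    intended = ("10-00-00 11111111", 1_000)     # constructed: what the user meant, £10
    altered = ("10-00-00 99999999", 1_000_000)  # constructed: what reaches the bank, £10000
    weak = login_only_code(nonce)               # user authenticates, transaction not covered
    bound = transaction_code(nonce, *intended)  # user re-authenticates over payee and amount
    return {
        "login_only_altered": bank_accepts_login_only(nonce, weak, *altered),
        "bound_intended": bank_accepts_bound(nonce, bound, *intended),
        "bound_altered": bank_accepts_bound(nonce, bound, *altered),
    }


if __name__ == "__main__":
    print(demo())
```

The binding only helps if the user enters or confirms the payee and amount on the device itself, since a compromised browser controls everything shown on the PC.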