Co-op Bank and Verified by Visa
Richard Brooksby
rb at ravenbrook.com
Thu Jun 18 14:35:06 BST 2009
On 2009-06-18, at 13:12, Nicholas Bohm wrote:
> In my experience the Verified by Visa and Mastercard SecureCode sites
> show me a memorable phrase of my own choosing (set at registration)
> as a
> form of authentication. ...
Yes, looking at Visa's own web site (see
<http://www.visaeurope.com/personal/onlineshopping/verifiedbyvisa/main.jsp
>) it's clear that they intend the banks to allow you to register,
and to allow you to set your own password.
Co-op have decided to skip both these steps, perhaps in a misguided
attempt to make things "easier" for their customers. But they've
damaged customer security by doing so.
An secret for use with Verified by Visa would be OK. Not great, since
banks are then unwilling to allow you to repudiate "verified"
transactions, but at least it's not revealing one of your main shared
secrets with your bank.
More information about the ukcrypto
mailing list