Co-op Bank and Verified by Visa
Richard Jones
rich at annexia.org
Thu Jun 18 22:31:58 BST 2009
On Thu, Jun 18, 2009 at 02:19:53PM +0100, Andrew T wrote:
> Of the four banks I mentioned, there is nothing to identify themselves
> to me outside of my name being in the username - which I have already
> provided. One of them uses the domain "securesite.co.uk" - but I have
Actually it's secureSUITE.co.uk - it LOOKS like a phishing typo site,
and indeed I thought it was the first time I saw it, and so do many
other people on the net by the looks of it:
http://ambrand.com/2006/09/06/is-securesuitecouk-a-phishing-scam
However it varies by retailer. For example when I was trying to
purchase tickets through Thomas Cook at one time, the VbV site was on
a thomascook.co.uk subdomain (no frames, just a plain subdomain). For
Thomas Cook this is probably trustworthy, but I wouldn't trust it if
it was random-web-retailer.example.com. Even for big retailers it's
dubious because I am possibly sharing my secrets with those
retailers[1], not just with my bank.
This is why I refuse to use VbV.
Rich.
[1] Depending on very technical details of how the DNS subdomain is
set up, which an ordinary user couldn't possibly be expected to
understand.
--
Richard Jones
Red Hat
More information about the ukcrypto
mailing list