Co-op Bank and Verified by Visa

Charles Lindsey chl at clerew.man.ac.uk
Mon Jun 22 11:36:03 BST 2009 

On Fri, 19 Jun 2009 13:59:55 +0100, Richard Brooksby <rb at ravenbrook.com>  
wrote:

> On 2009-06-19, at 13:15, Charles Lindsey wrote:

>> 2. If so, did you examine the certificate chain attached to it, and  
>> where did that chain show the screen to have come from?
>
> As it happens, the certificate is from Neteller PLC (www.netbanx.com)  
> issued direct by VeriSign.  I'd never heard of netbanx.com or Neteller  
> PLC and there is no chain involving my bank.

Well there's Good News and Bad News there. Googling for both of them  
reveals that Neteller appears to be a well-established transaction outfit  
that offers services to "Good Guys" such as the general public, and it is  
entirely possible that the Coop have contracted with them, rather than  
with CYOTA, to carry out their verifications.

But www.netbanx.com appears to be an outfit offering services to  
Merchants, and their signature is exactly what you might expect to see on  
a Merchant-generated page.

But, either way, you now have plenty of ammunition to throw at the Coop.  
If they admit that one or both of them are their appointed agents for  
operating vBv, the you are in the clear.
>
> Besides which, although I am capable of checking this stuff (and did at  
> the time) this is true of almost no Co-op customers.  That means this is  
> not a scheme suitable for consumers.  Warnings like "don't enter your  
> password unless the address is www.co-operativebank.co.uk AND you can  
> see the padlock" are much better for the general public (though not  
> perfect).

My browser (Opera) always shows the name on the certificate right next to  
the padlock. If all browsers did that, then the world would be a much  
safer place.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                       
   Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5

More information about the ukcrypto mailing list