Co-op Bank and Verified by Visa

Ian Batten igb at batten.eu.org
Tue Jun 23 22:55:23 BST 2009


>
> Was this in a popup window?

Don't think so.  I'm using Firefox configured to open new windows in a 
new tab, but it didn't open a new tab. 

>
> Was it in a signup or reset password window?

No.

>
> Lloyds Clicksafe T&C's say they use RSA Security Ireland Ltd., or a 
> subsidiary, to do the verification for them, so afaict (unless RSASI 
> are operating using the lloyds.com name, which would be - ugly) in a 
> normal transaction a Lloyds certificate wouldn't be used, and in many 
> cases, eg if the retailer uses an iFrame, the certificate wouldn't be 
> visible.

Because I love you all, I'll spend two quid when I can displace my wife 
from the Mac (where grab is easier to use) and take some screen shots.

>
> BTW1, The logo is not in any way a secure object, anyone can put any 
> logo they like in a top bar, if the bar supports logos.

I know.  But Firefox will put the domain of the certificate up at the 
left hand end of URL bar, coloured blue for a certificate it can trace 
to root and green for EV.  That's not the same as favico.

>
> Besides which, the banks don't insist the merchant uses popups direct 
> to themselves, which would be much harder to fake - and you are not the 
> average punter, who has a hard time checking whether there is a 
> padlock displayed.

Part of me says that products that don't protect the punter are wrong.  
Another part of me says that if I can use a product to protect my 
interests, I'm less concerned about how well it works for others. 

ian




More information about the ukcrypto mailing list