Verified by Visa finally gets outed

James Firth james.firth at daltonfirth.co.uk
Tue Oct 19 13:23:55 BST 2010


First I've seen about this in the mainstream press:

http://www.bbc.co.uk/news/uk-11571873

"But online security experts at Cambridge University say the systems
encourage people to enter their confidential information into pages that
they cannot be sure are genuine and customers could end up liable for the
loss."

Just like they've been saying since its launch.  Why they went for an
embedded (IFRAMEd) approach when world+dog could see this masked the SSL
certificate info from all but the most curious of visitors is still beyond
me.

BBC Breakfast had an interview with a "victim" of an apparent VbV trojan who
claimed her bank refused to repay the fraudulent transaction because
"Verified by Visa is a secure system and was used to authorise this
transaction".

So here we go again.  Not like the banks noticed the law has changed to
state explicitly they must refund or prove fraud by the customer.

James Firth




More information about the ukcrypto mailing list