Verfied by Visa finally gets outed

James Firth james.firth at
Tue Oct 19 13:23:55 BST 2010

First I've seen about this in the mainstream press:

"But online security experts at Cambridge University say the systems
encourage people to enter their confidential information into pages that
they cannot be sure are genuine and customers could end up liable for the

Just like they've been saying since its launch.  Why they went for an
embedded (IFRAMEd) approach when world+dog could see this masked the SSL
certificate info from all but the most curious of visitors is still beyond

BBC Breakfast had an interview with a "victim" of an apparent VbV tojan who
claimed her bank refused to repay the fraudulent transaction because
"Verified by Visa is a secure system and was used to authorise this

So here we go again.  Not like the banks noticed the law has changed to
state explicitly they must refund or prove fraud by the customer.

James Firth

More information about the ukcrypto mailing list