3D Secure / Verified By Visa

Nigel Metheringham nigel at dotdot.it
Wed Apr 17 12:50:02 BST 2013

I don't know any real details of how it works, however, from observation:-

   1. They are not using any long lasting cookies to determine
      whether or not to prompt for a password [I dump all cookies
      when the browser closes, and never keep one open for more
      than a day]

   2. Different card issuers do different things.
      One of mine almost never seems to want a password - it
      just bounces through the page.
      Another, when I use it (which I haven't for a while)
      always wants a password.

Amusingly the second card provider there, who I am tempted to name, has 
recently rolled out a new management website for cardholders.  The 
entire setup strikes me as being intended to look really secure without 
giving any thought to how it works or balancing convenience against 
sheer bloody mindedness. If they were designing mediaeval weaponry, 
their swords would be sharp all over, not just at the business end!

[ Nigel Metheringham ------------------------------ nigel at dotdot.it ]
[                 Ellipsis Intangible Technologies                  ]

More information about the ukcrypto mailing list