3D Secure / Verified By Visa
Nigel Metheringham
nigel at dotdot.it
Wed Apr 17 12:50:02 BST 2013
I don't know any real details of how it works, however, from observation:-
1. They are not using any long lasting cookies to determine
whether or not to prompt for a password [I dump all cookies
when the browser closes, and never keep one open for more
than a day]
2. Different card issuers do different things.
One of mine almost never seems to want a password - it
just bounces through the page.
Another, when I use it (which I haven't for a while)
always wants a password.
Amusingly the second card provider there, who I am tempted to name, has
recently rolled out a new management website for cardholders. The
entire setup strikes me as being intended to look really secure without
giving any thought to how it works or balancing convenience against
sheer bloody mindedness. If they were designing mediaeval weaponry,
their swords would be sharp all over, not just at the business end!
Nigel.
--
[ Nigel Metheringham ------------------------------ nigel at dotdot.it ]
[ Ellipsis Intangible Technologies ]
More information about the ukcrypto
mailing list