Slashdot Mirror
MS Passport and... Visa
HeUnique writes "Well, people have seen it coming. According to this story Microsoft is extending the Passport authentication system to process Credit card payment (currently: Visa and MasterCard) through a deal with Arcot Systems. Of course, with the ever-changing privacy terms that some companies keep changing without notifying their user - it won't take much long until they'll take your credit cards info for 'verification' and who knows what they'll do with it.. sigh.."
In a nutshell: "Microsoft and Arcot plan to offer, later this fall, a service that will let banks require computer users to type in their Passport username and password to authenticate Visa or MasterCard credit cards." Take the word "require" in that sentence with a grain of salt, I guess. Favorite quote: "People will start trusting the system now that it's linked to credit cards."
Sure.
No, they do inform us of changes, as they are often required to do so by laws of various states...Trouble is, they're allowed to change them and tell us later, by 4th class snail mail, taking 2-3 weeks to get to us, by which time its too late to re-file a complaint or a protest before they've already sold our info off.
"But remember, most lynch mobs aren't this nice." (H.Simpson)
-- Joe
Many companies have their own branded credit cards. I wonder how many people here carry VISA / Mastercard / Amex?
If anyone doesnt like what these companies are doing, there is always an alternative.
People use credit cards because the massive lapses in security are never properly publicised and also, whenever someone steals from their card, they get the money refunded.
Basically, they have nothing to loose, and like I said, if they want privacy, there are many ways to achieve this, PrivateBuy being just one.
ATH0 Bitcoin: 1DnwFLXczVZV8kLJbMYoheUrpqHesjxrSi
Ummmm.... Ebay is making money:
Yahoo! Financials on Ebay
This is known as 3D Secure or verified by Visa. Just because MS is offering the client piece (and this is what they do) they do not have access to all your personal information. Here is how it works: When you choose to pay through 3D Secure you enter your credit card # at the merchant, the merchant talks to his acquirer, the acquirer figures out whether the Issuer who gave you your credit card is enrolled in 3D Secure (by talking to the so-called Visa directory) and then they redirect you to the Issuer of your credit card. Now the Issuer (and last time I checked MS is NOT an Issuer) will have to identify you. This is where Passport comes into play. Passport does the auth piece for you (Kerberos in Passport's case if I am not mistaken) and sends the ticket to the Issuer. The Issuer compares whether the auth piece and the CC number match and generates a response token for the merchant. This response token gets transmitted back to the merchant (by the means of standard passport auth I suppose), the merchant takes this response token and sends it to his merchant acquirer. The merchant acquirer now sends it through the Visa Directory back to the Issuer and the Issuer compares whether this is a replay or whether this is a valid token. If it was a valid token the transaction is authorized. So, bottom line is, Passport is the authentication piece. Whether you trust MS Passport or not is one thing, but they do not get access to your CC data. And by hijacking a passport you still cannot go shopping on behalf of the account owner. Check your facts guys.
I discovered recently that hotmail and, in fact, all passport sites are nolonger case sensitive when it comes to passwords.
This rather bothers me.
It used to be that I had to use the proper case to login. Somewhere along the way, microsoft did something to change my password (which I had assumed was stored encrypted) to make case insensitive.
comment directly in my journal