Slashdot Mirror
MS Passport and... Visa
HeUnique writes "Well, people have seen it coming. According to this story Microsoft is extending the Passport authentication system to process Credit card payment (currently: Visa and MasterCard) through a deal with Arcot Systems. Of course, with the ever-changing privacy terms that some companies keep changing without notifying their user - it won't take much long until they'll take your credit cards info for 'verification' and who knows what they'll do with it.. sigh.."
In a nutshell: "Microsoft and Arcot plan to offer, later this fall, a service that will let banks require computer users to type in their Passport username and password to authenticate Visa or MasterCard credit cards." Take the word "require" in that sentence with a grain of salt, I guess. Favorite quote: "People will start trusting the system now that it's linked to credit cards."
Sure.
Isnt it about time call up tyler durden to take out the credit card buildings thus destroying creditcard debt for america.... WAIT we got microsoft the next best thing, Tyler uses explosives and MS uses security holes!!
"All I can tell the "lesser of two evils" folks is that if they keep voting for evil, they'll keep getting evil."-Lp.org
Are we just crazy now?
Ignorant?
I will never associate my creditcards with anything microsoft.
I dont even care if they start making wallets!
EOU
No, they do inform us of changes, as they are often required to do so by laws of various states...Trouble is, they're allowed to change them and tell us later, by 4th class snail mail, taking 2-3 weeks to get to us, by which time its too late to re-file a complaint or a protest before they've already sold our info off.
"But remember, most lynch mobs aren't this nice." (H.Simpson)
-- Joe
Of course, any real web business would have to be insane to limit its clientele to Passport account holders only. Note how Microsoft has 14 million registered users of Passport (how many just for MS Messenger?). Now note how many people on the net - approximately 400 million? So do you see Amazon saying that only 3% of the net can buy their books? Nope, didn't think so.
Which means that if you are one of the people whose bank decides to "pay" Microsoft for this "service", you will be "forced" to get a Passport account.
It's a great move for Microsoft - they will be getting paid by third parties for the privilege of forcing customers into the MS system. This is similar to me paying somebody to let me force visitors go to their site.
Ñ'
....If you had to use a Microsoft Passport to buy add-free pages on slashdot....
Quote: "It's good for Microsoft because up until now, no one stood behind the authenticity of the (Passport) identities. You can register as easily as 'Donald Duck' as you can with your real name," Litan said. "Now (Passport users) are linked to credit card companies. There is going to be a bank or credit card issuer standing behind the identity."
So... how, again, does this magically insure that the credit card isn't stolen?
Linux Redhat: $59
AOL Account: $20 a month
Contribution to OSS fund: $1000
Charging it to Bill Gates Credit Card: Priceless
There are some rights money can't buy.
For everything else, there's Microsoft Passport.
Once you got their credit card number, you got their money.
M$102
If you got their passport, you don't need their credit card number.
***Quis custodiet ipsos custodes***
Favorite quote: "People will start trusting the system now that it's linked to credit cards." Sure.
Before we start railing MS about bugs, let he who is without sin cast the first stone.
Anywho, its not the hacking to get the password I'm worried about. Most people don't know how to make a good password, and most are easily guessable.
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
Trust and credit card are two words of which I am highly suspicious being in the same sentence.
---
I'm tired of waltzing for pancakes. -- Gwen Mezzrow
Karma: Excellent Birds (mostly as a result of listening to Laurie Anderson)
I'm really wondering when MS is going to buy a large content provider and force Passport upon us. eBay, or Amazon. They're both in the red, so should be purchaseable for a giant like MS.
I've really wondered many times why MS doesn't drop it's dollar weight on passport.. Compared to the XBox, they've invested practically nothing in passport !
When will I end this grieving ? When will my future begin ?
Many companies have their own branded credit cards. I wonder how many people here carry VISA / Mastercard / Amex?
If anyone doesnt like what these companies are doing, there is always an alternative.
People use credit cards because the massive lapses in security are never properly publicised and also, whenever someone steals from their card, they get the money refunded.
Basically, they have nothing to loose, and like I said, if they want privacy, there are many ways to achieve this, PrivateBuy being just one.
ATH0 Bitcoin: 1DnwFLXczVZV8kLJbMYoheUrpqHesjxrSi
According to research firm Gartner, the service has about 14 million registered users.
<sigh> I have to wonder if they're including the hotmail users in this number, since signing up for passport and hotmail are linked. If so, this number is hugely overinflated...the number of people actively using passport is way smaller. Too bad, companies may read this and decide it's a great way to reach a large audience.
--trb
Yeah, there are never any problems with AmEx.
~Philly
Any bank which requires me to have a Passport account won't get my business. The one thing about capitalism is that you -can- force unwanted business to end, simply by going to their competitors.
... the other difference is that they're a monopoly.
Of course, people are going to say that we don't want the RIAA/MPAA/??AA/etc but as a matter of fact, general society does, and we -do- still support them (by seeing movies, buying cds, etc)
OTOH, no bank has a monopoly. As soon as Passport gets picked again, and credit cards numbers are out, people won't use it, and will demand a different method. (Note: viruses on desktop computers don't matter to people, because the general public doesn't store crucial data on their home computers) --
As soon as people start demanding non-Passport methods of authentication, banks -will- provide.
This Windows XP (tm) installation does not match the hardware profile recorded at activation. Press "OK" to charge credit card on file with Passport $199.99 for new Windows XP (tm) lisence. Press "Cancel" to remove the unauthorised copy of Windows XP (tm) from your system.
Ñ'
AOL used a trick similar to this back in the day (which is why I stuck with my good ol' PPP dialup) where in order to get the free hours you had to give them a credit card number for "verification". Of course, once your free hours ran out, they just started charging you. (Do they still do this?)
Why do I get the feeling that Microsoft will probably not be more honest than AOL when it comes to making sure that your credit card is only used to buy things when you actually want to buy them:
"I've noticed that you're not running Windows XP! Don't click on 'cancel' to decline acceptance of the purchace of a new copy of Windows XP, which will be automatically installed when you accept this offer."
The fact of the matter is that merchants aren't going to want to put any hurdles between the customer and buying something. They won't require passport because it's just one more thing that MIGHT cause a consumer to go elsewhere. Many may offer passport, and there may be some sort of incentives attached to this, but they won't require it.
If most sites started requiring passport for some reason (credit card processor mandate?), I'd find myself showing up at physical stores once again.
This sig has been temporarily disconnected or is no longer in service
Why in God's name would I trust a company that changed its privacy policy overnight, much to the chagrin of millions of people worldwide (Hotmail.com)? Why would I trust a company that surreptitiously modified the EULA of their _media player_ to include consent to modify the DRM / OS it runs on?
I trust my VISA (and credit card companies in general), because they tend to work in my interest and take care of me when I have bonafide problems with unauthorized usage and such. I have zero trust in Microsoft, a company that has systematically undermined my digital rights on a regular basis without apparent consideration of what I want. It may be "good for business", but it's not good for me.
That being said, I plan on reformatting my Win2k boxes at home this weekend and uninstalling the Media Player. I'll also be removing the "Automatic Updates" feature they added to their "Windows Update" site recently -- I don't trust them not to modify my preferences there, either.
11 Then I saw another beast which rose out of the earth; it had two horns like a lamb and it spoke like a dragon.
12 It exercises all the authority of the first beast in its presence, and makes the earth and its inhabitants worship the first beast, whose mortal wound was healed.
13 It works great signs, even making fire come down from heaven to earth in the sight of men;
14 and by the signs which it is allowed to work in the presence of the beast, it deceives those who dwell on earth, bidding them make an image for the beast which was wounded by the sword and yet lived;
15 and it was allowed to give breath to the image of the beast so that the image of the beast should even speak, and to cause those who would not worship the image of the beast to be slain.
16 Also it causes all, both small and great, both rich and poor, both free and slave, to be marked on the right hand or the forehead,
17 so that no one can buy or sell unless he has the mark, that is, the name of the beast or the number of its name.
18 This calls for wisdom: let him who has understanding reckon the number of the beast, for it is a human number, its number is six hundred and sixty-six.
Sounds like a marriage between Microsoft and Visa to me. In order to order, you have to bear the mark of the beast.
Strange women lying in ponds distributing swords is no basis for a system of government.
In Denmark some of the major telecompanies have just released a method where you can pay with your mobile number. In this case you register your credit card to your mobile phone. When you want to do a purchase, you type in the mobile number (more easy to remember), and the system verifies it by sending a SMS to you phone that you'll need to verify by typing in a pin-code.
Now this is a very secure way of doing business. Of cause no system is 100% secure. But in the same manner as the passport solution, you still need to register your credit card to a database, connected online, that can be contacted by the merchants. Sound similar to me.
Of cause you still have the additional security of the SMS and the pin code and Microsoft don't have the best reputation when it comes to securing their systems. But it still gives time for thought.
-:) Oh no - not again.
www.rednebula.com
Arcot Systems and Arcot Press Release. For those interested.
(Score:5, Not Funny)
I would take this larger, and not want to put all of my info into a single cookie jar regardless of platform/os/political affiliation/whatever. It just gives too much power to the people running the jar.
The fallout of a major security breach is too nasty to think about.
DOS is dead, and no one cares...
If there's a Bourne Shell, I'll see you there
You can do NOTHING on Yahoo's auction site unless you give Yahoo a credit card to "verify your identity". One of the many reasons eBay has complete domination of Yahoo Auctions in America is this fact. Privacy isn't even the biggest issue.... It's the fact that few will stake their credit card on a company who has proven that they will change EULAs in midstream. Remember when Yahoo bought GeoCities, then claimed various ownership rights to all of the content?
What REALLY pisses me off about this? International commerce. It is impossible for me to directly by goods from auctions.yahoo.co.jp (Jahoo Auctions Japan). Yahoo's Wallets are localized, and if I don't have a credit card or account to a Japanese bank, I can't use that yahoo auctions website. I can't even ask a question to the seller! To that website, no member can live outside of Japan....
So, does this mean that my wife, Jamie, will be denied a "Passport Wallet".... With the constant barrage of credit card mail sent to someone here named "Jamike", I've got to wonder how well these guys are organized.
I'll be worried when they ask my cat, Griffin, to sign up for a credit card. I used her name to sign up for my wife's AOL, so it's only a matter of time.....
Most good online vendors offer a phone based ordering system. If they require Passport, then call them up and order with a person - it costs them a lot more to pay the order taker than to take the order via web form. Oh yeah, ......... orderrrrrr .......... sloooooowlyyyyyyy ........ and ...... quadrupleeeeee ...... cheeeeeeeeck ....... everythinggggggggg .......
I'll happily take my business elsewhere. Simple as that.
This needs to be modded up, seriously. Why? Because this is how the unwashed masses think, and MS knows it. But here is what you are not seeing - you may or may not see this "service" as useful, but you should have a CHOICE of whether or not to use it. MS can roll out any service they wish, as long as they don't force people to use it. Get it? They are cutting deals that FORCE you to give up your information to something that has proven to be insecure. I should have the right to decline that service. If you find it useful and more convenient, go right ahead and use it. Maybe you will be one of the lucky ones who doesn't get nailed to the wall when (not if) someone cracks in and steals passports. I can guarantee it won't happen to me, because I won't get a passport account. I'll quit shopping online and get rid of my credit cards before it comes to that.
My beliefs do not require that you agree with them.
What happens to your "choice" when all the bank use Passport? There aren't as many banks as there used to be and an oligopoly is nearly as effective as a monopoly. The RIAA wouldn't be an issue if there were viable music labels that didn't participate in it. An oligopoly can be ad hoc as well without any organizational structure -- I dare say we all object to crazy ATM fees (weren't ATMs supposed to save the bank money?) but we all end up paying them.
I am not a number! I am a man! And don't you
If you are unhappy with Micro$oft and its p-A$$-port, like I am, then simply don't use it. If your bank switches you and forces you to use it for online purchases switch to a bank or credit card that does not. Your dollars will tell them what you want. Course if we all just file in like cattle to the slaughter we will have all sorts of things forced down our throats.
...that I think I've ever heard of.
I play Asheron's Call (only published by MS, not made by them, BTW.) They changed over their auth system about 8 months ago from the old kludgy Zone auth system to Passport, and it's been downhill ever since. Each game account requires a separate Passport account, and most of the people who are big into the game have at LEAST two accounts (I have 3, myself). There's some inflationary numbers on how many are using Passport for you.
Furthermore, there was a recent rash of folks getting their accounts hacked because folks don't understand password security, and had their Passport e-mail address listed in YaBB and UBB boards centered on the game, used the same password for those boards as they do for their Passport account, and an exploit was discovered allowing folks to actually retrieve that info from those BB packages. If this idea is similar to the concept of the MS Wallet - which I haven't heard anything out of in a while - it's going to be an utter and complete disaster. Credit card fraud will reach new all-time highs, banks will start to go under, cows will fall out of clear blue skies, chaos and destruction will reign, et al.
BUT.
Here's the trick. If it is NOT like Wallet, and your CC info is NOT stored within Passport, then what they're effectively doing is adding a password check to your credit card for online transactions. At least one company is already doing this (witness the "I am Emmit Smith" ads) and it's an incredibly good idea. You register your Passport account with the bank who provided your Credit Card, and in return, your card number becomes totally useless without a password for the purposes of online transactions.
I really don't think that it's such a hot idea to be using PASSPORT for this, but the concept, if the card number isn't stored online BY the password system, is a VERY good one.
Fortunately for me, my credit card is through Digital Federal Credit Union, and I don't think they're too likely to implement it without warning.
You thought that this sig was what you think that I thought you wanted me to think. I think.
Seriously, you have a bigger risk of getting your credit card number stolen when you pay for your dinner at a restaurant with it then by submitting it to a website using SSL. Not only does the waiter/waitress handle your card, but in a lot of places they'll swipe it in a magnetic card reader that sends it unencrytped over a phone line, or worse, they'll use a POS system that stores the entire swipe data in an unencrypted text file on their local server's hard drive... which will later send it out over a phone line unencrypted.
Microsoft is evil, but they aren't stupid. If they screw this up the class action lawsuit that will result would likely put them out of business. Wait, maybe we should all sign up, and get Johnnie Cochran on retainer, before Microsoft hires him and we lose to the Chewbacca defense ;)
If you pension fund has shares in any of the banks then you are 'supporting' the banks.
If you bank has shares in any of the passport banks then you are 'supporting' the passport banks.
If buy anything from any company or anyone that in any way supports those banks then you too are supporting them, that the way that capatilism works, one big giant circle
thank God the internet isn't a human right.
Our records indicate that your use of the song, "I wanna kick some MS ass" is in violation of your current license. Press "OK" to charge the credit card on file with Passport $19.99 to acquire the correct license, or "Cancel" to remove the song from your hard drive. If you choose to remove the song, you will be charged a $10.00 fine for violating the terms of the license. Have a nice day, and thank you for using Microsoft!
Nonono... You must be thinking of Microsoft's ActiveBank.NET technology.
Objects in the blog are closer then they ap
Online shops cannot afford to require anything from their customers. The point in running a shop is selling; selling means to make buying as easy as possible. This is especially true on the Net where the customer can even remain sitting in her chair while leaving the shop and entering the competitor's. So how is this going to work? Successful online shops already know the rules and won't even try to require anything from the customers. Those who try will notice soon.
After all, digital signatures (as a legal concept) and all those esoteric digital payment schemes didn't take off; online shops just don't need them. They are even willing to take some risk if this helps them to gain new customers.
Waiting for their next smart idea ...
http://erichsieht.wordpress.com/category/english/
The book recently review on Slashdot, Translucent Databases does a good job of explaining how databases can be designed to provide these types of services (credit card authorization, central storage of information, etc.) in such a way that compromising the database does not provide the cracker with any information. Furthermore, an administrator or executive can glean no more information from the database than can a cracker, yet the database serves its purpose, while protecting the information it contains.
I went an ordered the book after reading the review here on slashdot and I must say that the methods discussed are quite interesting and I'm very likely to start incorporating them into my database designs as I go forward. In some respects, the book isn't laid out/designed very well for "flow", but it does contain very good information and it challenges the reader to think about the material in new ways.
If you're worried about securing data against everyone except for the people/applications that need to access it, check out this book.
Cheers.
Spoken like someone who's employer doesn't require them to pay all travel expenses out of their own pocket and then wait for reimbursement.
Or someone who lives in a small shack in the mountains and writes manifestos and sends explosive packages through the mail.
A computer once beat me at chess, but it was no match for me at kick boxing -- Emo Phillips
- I will not be charged for the change.
- I will see an interest rate increase of 0.59% (not an issue because I pay off in full every month).
- The Smard Card reader has a USB port, and will work with Mac OS (yeah, right. We'll see. Didn't get a chance to ask about Linux because my boss wanted me and I had to hang up)
Whatever you do, if this story bothers you (obviously, it bothered me) make sure your bank understands that you do not want to support a convicted monopolist's attempt to extend its tentacles into the financial services arena.This is known as 3D Secure or verified by Visa. Just because MS is offering the client piece (and this is what they do) they do not have access to all your personal information. Here is how it works: When you choose to pay through 3D Secure you enter your credit card # at the merchant, the merchant talks to his acquirer, the acquirer figures out whether the Issuer who gave you your credit card is enrolled in 3D Secure (by talking to the so-called Visa directory) and then they redirect you to the Issuer of your credit card. Now the Issuer (and last time I checked MS is NOT an Issuer) will have to identify you. This is where Passport comes into play. Passport does the auth piece for you (Kerberos in Passport's case if I am not mistaken) and sends the ticket to the Issuer. The Issuer compares whether the auth piece and the CC number match and generates a response token for the merchant. This response token gets transmitted back to the merchant (by the means of standard passport auth I suppose), the merchant takes this response token and sends it to his merchant acquirer. The merchant acquirer now sends it through the Visa Directory back to the Issuer and the Issuer compares whether this is a replay or whether this is a valid token. If it was a valid token the transaction is authorized. So, bottom line is, Passport is the authentication piece. Whether you trust MS Passport or not is one thing, but they do not get access to your CC data. And by hijacking a passport you still cannot go shopping on behalf of the account owner. Check your facts guys.
Remember, you have to *SIGN* to purchase something with a credit card - it'd be an incredibly convenient idea for MS if they stick an EULA on a bill and say "if you sign this credit card bill you agree to the EULA".
Any thoughts?
Great point. Though i haven't had time to read a book recently, let alone tack one to the end of my ever-growing to-read list (this is the time of year when i go through my technical manuals again).
Its nice to see that at least a -little- high-level thinking is going on here, and not just a kneejerk reaction to the M word. In the real world, i don't see MS taking that sort of risk.. granted, they could afford to settle out of court with everyone who puts their CC information into the system if it DID get cracked and wasn't translucent.. wink wink, nudge nudge..
#include
I discovered recently that hotmail and, in fact, all passport sites are nolonger case sensitive when it comes to passwords.
This rather bothers me.
It used to be that I had to use the proper case to login. Somewhere along the way, microsoft did something to change my password (which I had assumed was stored encrypted) to make case insensitive.
comment directly in my journal
"Windows has detected that you have installed a new mouse. Please reboot this machine for changes to take effect and relicensing charges to be applied to your Passport account."
Outdoor digital photography, mostly in New Engl
"People will start trusting the system now that it's linked to credit cards."..... trusting it less..
The truth is, outside of the slashdot and SOME of the technical community, many computer users don't know enough NOT to trust the system. Its like all those people who trust their employers (think enron), car manufacturers (remember Fords / Firestones exploding tires), cable companies (monoploies in many cases), phone companies, electric companies (think PGE in CA) etc.. they don't know any better till they get screwed by one (or all) of these companies...
Only 'flamers' flame!
I think you'll also find that a lot of people didn't store their credit card details because they saw no need for the system to have it. I've lost count of the number of places i've signed up and they want some personal details that they definately do not need.
You don't just go hand out your credit card number to anyone who asks for it. Well I don't anyway.
Subnote: Having said that, porn sites don't seem to have any problem with people giving their credit card details over for a "free" trial. Mind you, then they start getting billed for it and can't get it stopped. So maybe there are mugs out there.
Avantslash - View Slashdot cleanly on your mobile phone.
Here's a part of what mine, Vancity, gave back to me:
If there are people like me there, they would be relieved to use a post like mine citing the previous security issues that Microsoft has had to the person who may decide that passport-only is a good idea.
Be preemptive. It's easier.
With a credit card, I can pay for an item or service and if I am dis satisfied with the repairs to my car or the item I bought will not work correctly, I can refuse to pay until satisfied. With cash you are screwed.
When I rent a car I get the insurance covered by the credit card saving about $14 a day.
When I purchace an item the warantee gets doubled up to 1 year extra. This has actually helped me get a tape deck repaired which failed 2 months out of warantee.
Lets say I have to pay for an item costing $5000, I have the cash, but why use it? It can earn another month or two interest while the charge floats on the credit card.
This credit card has no yearly fees.
As for paying cash for a hotel room, you will also have to front 1 nights stay ( in cash ) in addition to your total cost of the room, unless you don't mine the phone turned off for long distance calls, any mini bar locked, movies turned off, etc...
But then again the same people who pay cash for rooms most likely get the "day or hourly rate" and like to have cinder block walls, vibrating beds and mirrored ceilings.
Here is my simple solution to MS' latest Passport move:
- Find what I want online, and then pick up the telephone and dial the toll-free number to order.
Problem solved. Passport dies a slow and embarassing death.I'm a 2000 man.
If you're set to 'always sign me into any passport site' then when you go to a passport site after having earlier checked your hotmail account, you find yourself automatically logged in, whether you actively wanted to use passport there or not. For a long time I visited no passport sites other than hotmail, and it never affected me. Now there are a couple I go to, and at first finding myself automatically logged in as whatever identity's email I happened to check last was really disconcerting. I have several hotmail accounts, but the whole passport thing is based on the assumption of one computer, one person, one identity. I feel like I should be able to be logged in at msdn.microsoft.com using my work/business hotmail account, while still reading email from one of my personal hotmail accounts. Can't do it. Even though they're separate sites, they completely identify you by your passport cookie, so you can only be one 'identity' to all of them. If passport verification starts popping up all over the place, other people will run into this issue too.
Neither you, nor any other person I have ever met, will switch your bank b/c they sign up with passport. You chose your bank because it has convenient atm's, is close to your work or business, has the right hours, or whatever. NOBODY will ever be so upset by this that they'll switch to a bank whose atm's they can't get to, that's closed by the time they get off work, etc.
So yeah, as soon as you and all the other smart mouths on here go out and demand no riaa, no mpaa, no passport etc - the rest of the world will still fucking ignore you.
Umm.. no, that wouldn't make any sense. Use Passport to buy.. the things money can't buy? No, there are something things money can't buy.. for everything else [the things money CAN buy], there's Passport/Mastercard..
Yes, but the Passport account is "free"...so Amazon or other sites would simply coerce users to sign up for their "free" passport accounts.
I wish I could speak for everybody, but I can't, so I'll just speak for myself.
I hate websites that say you need to "establish" an account on their website. It doesn't carry the Microsoft logo now, and even if it does soon, it still won't get my business. I know that if I make an "account," my name, address, phone number, credit card information, and other private information is stored in a place that puts its privacy at risk, either by being hacked or by (more likely) it being sold to other parties. If I absolutely have to buy what I need from that website, I always call their sales line and demand that if they want my business, they won't save the information I give them. Though I cannot honestly say that they stick to their promise on the phone, I trust them if they say that they'll honor my request.
The same thing goes for PayPal. I will not touch their service, because I absolutely refuse to have my credit card number in the hands of a third-party company that, according to its contract, has the authority to manipulate it as they wish. Sorry, but I am not about to be put in a position where someone has a hold of me by the balls. If Microsoft says that they need my credit card number if I am to purchase items online, I'll tell them (as well as Amazon / eBay / NewEgg / etc) that they just lost business.
For those people who think that Microsoft is going to coerce "everyone" to using Passport, you're downright blind. Websites don't limit their customers to paying with only one company's credit card, and they certainly don't offer only one method of payment period. Even if Microsoft does take over the online payment industry, there's one payment that won't go away: Money Order and Snail Mail. And I promise you, I'd rather wait an extra 7 days for a package rather than know that my credit card information is unsafe.
"I will not trust a M$ computer on my network much less let it manipulate my money"
Dood, fucking grow up.
Nope, no sig
If you've used up your free hours, shouldn't you then start paying? You didn't say anything about cancelling, so it looks valid to me.
That he said his wife paid all his bills. Doesn't look like he actually has ANY choice does he? And it's not MS taking it away. It's his horrible, evil, stupid wife who likes commercial crap sites that spam her and shiznit like that. It's also his bank's choice, not his, or even hers.
It has always been easier to have your credit card information stolen by a waiter or cashier, or especially over the phone, than online. YOU MIGHT WAKE THE FUCK UP AND NOTICE THAT THIS ADDS A LAYER OF SECURITY TO THE PROCESS! Now if someone steals your credit card numbers, they can still use it anywhere over the phone or on sites that don't require passport verification, but on sites that do require passport verification they won't be able to use it unless they've also stolen your passport password. This means some fraudulent charges will be bloced. It adds no ability for someone to actually get your card number, which again is easier to do as a waiter or cashier.
except when you need to get your cash, which is actually what a bank is FOR.
:P
i'm not trolling. just pointing out that a lot of people on here talk the talk of boycotting companies (which is easy), but less than 1% actually walk the walk (which is hard).
you can sign up on msn.bendmeoverandrapemebillgates.bank.com
Let me get this straight...
You're implying that Microsoft's massive attempt to secure a chunk of all web services and transactions over the entire internet by enlisting the help of some of the biggest companies in the world, and in doing so place the financial records of millions of people at no small risk given a repeatedly poor security and privacy track record is comparable at all to a slashcode bug that only existed in CVS?
You're right. You do need to get out more.
"I may not have morals, but I have standards."
r u 4 real?
can you lynx to your bank account?
do you have more than $50 in your bank account?
i doubt your statement. easy to say 'i did such and such' online, much easier than actually doing it.
if you actually did do this - did your bank laugh in your face when you told them why you were leaving? cuz i totally would. this just is not a market force. more like a market farce.
Actually you're wrong. I had to stay in hotels for a few weekends while I worked in the (remote) data center. Guess what? I paid cash at the front desk! Wow, what a concept. Simultaneously I raised stink that I had to do this in the first place and made it clear to management, that this is not acceptable. To which they eventually responded and took care of the hotel from their side. I also got reimbursed for expenses already occurred.
Actually, I'm right. I work for a multi-billion dollar, global corporation that does not believe in making life easy for it's employees. We're given corporate Visa spending cards, but they can NOT be used for travel or entertainment purposes, so we have to pay all our travel and entertainment expenses out of our pocket and wait to get reimbursed for expenses the following week. Period. That really sucks when your boss comes to you and says "pack your stuff, you're going to Germany/Switzerland/India/New Zealand/Belgium/Etc. next week" and you don't happen to have that kind of cash money laying around.
You really are a fucking moron, aren't you? What an asinine comment...
Maybe, but at least I have balls enough to log into the system and use a (pseudo)name as opposed to be an ignorant AC like yourself.
A computer once beat me at chess, but it was no match for me at kick boxing -- Emo Phillips
Any business that requires a passport login can be sure that it won't get any business from me...
Rule #1 in business:
Don't let ANYONE between you and your customers. If passport sucks and I am trying to buy a book from Amazon -- guess who gets blamed?
Nobody in my circle of aquaintences use banks anymore; it's all credit unions. They are run locally, you can call up the general manager and there are *way* too many of them for any company to try and push passport off on all of them. There is no oligopoly in the banking world.
The wheel is turning, but the hamster is dead.
I work for a multi-billion dollar, global corporation that does not believe in making life easy for it's employees. We're given corporate Visa spending cards, but they can NOT be used for travel or entertainment purposes
So, what's the point?
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
I wish I was an MS mole, I'd be better paid.
I'm not worried about securing data - if I would need to do that at some time I'd surely go buy that and many other books, read up on the web, news, etc. What I am worried about however, is how well others (e.g. M$) is securing my data. And for some reason I don't think they read the book.
Tomorrow will be cancelled due to lack of interest
Ooh.. i can just see the security implications in this one. Imagine what would happen if someone managed to write a malicous c#(or any other language here) script that could read the data as entered and redirect it.. That and .Net as is adds up to one helluva security risk. Pretty soon I will be willing to bet that this new method of "authentication" is going to tie directly to Longhorn and Palladium, and DRM, and all that crap. I sincerely believe that Microsoft is trying to turn every windows computer into a card-swipe-register...
We're sorry, your computing license has expired. Please swipe your card for service
NEWS: Dell, HPaq and Microsoft in a revoloutionary change have started adding card-swipe magnetic readers into the keyboards of their Longhorn enabled computers.
I won't be surprised if I get flamed for this but then again, why would MS be so hot on DRM and all of a sudden Palladium, and now this?
Partnership for an idiot free America!
The majority of my income comes from online sales. A credit card charge is not valid without a legal signature. Nobody, as of yet, has found a way to legitimize internet trasnactions. Anybody who uses their credit card on the net can cancel their charge, after they receive their merchandise, and the merchant cannot contest this "chargeback". Because they don't have a signature. This is why 20%+ of online business is considered fraud, because valid customers who receive thier merchandise get their money back from your bank automatically.
With the government and VISA/MC dragging their feet and seemingly not even searching for a solution to this problem (well other than hassling online merchants as if it were their fault) we need some way to verify that the card goes with the user... perhaps passport is a step in the right direction.
I will get behind anything that allows me to contest, with the cardholder's bank, a fraudlant refund(chargeback) requested by somebody who received their merchandise.
Actually half of the people on this planet have never set foot in a bank. Some have never even seen a bank and millions more wouldn't be too clear on the very concept.
We are the affluent first world. The one apart from those second (many European Postal Services are also banks for their constituency, like in Belgium,) and third worlds (where they have an annual income equal to the average geek's soft-drinks expenditures,) and China (who play by their own rules,) and Islam (where they just want to buy Kalashnikovs and come to America and Kill Kill Kill.)
Now imagine that you're running a business and somebody's sale techniques immediately reduces your market share by 10% Would you be happy?
Imagine being told that you can reach 100% of your market by print ads, phone, mail (snail & e) and 100% of you market can reach you by walking in, phone, mail (snail & e) but you have to turn away 1 customer in 10.
But it will come to pass. M$ minions will tout their service as the best, most secure thing in the world since nobody can buy a friggin' thing because the server in Redmond has crashed after being cracked by the 11,111,111,111,111 script kiddie trying a new exploit.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
So, what's the point?
The point is that when my boss says "pack your stuff, you're off to Japan for a week, and you leave in 3 days", I need to either keep a large amount of cash in my bank account so I can afford to stay in an expensive Tokyo hotel for 6 nights and pay for all my meals and other travel expenses, or I'd better have a credit card.
Some numb-nuts (see parent post) said that there was no earthly reason for anyone to ever need a credit card, and if you couldn't afford what you need to buy right now, then you shouldn't be living beyond your means.
Maybe he's rich and doesn't have to worry about whether or not he has enough cash on hand to be able to afford $250+ a night for 6 nights plus meals for 7 days PLUS all of his normal bills and expenses, or more likely, he's completely messed up his credit history to the point that he can't get a credit card, and rather than admit that he screwed up, he'll make himself feel better by telling everyone that they don't need credit cards, and they're somehow 'weak' if they can't get by without one.
A computer once beat me at chess, but it was no match for me at kick boxing -- Emo Phillips
Thanks god it won't happen here in Brazil. Our legislation won't allow such a thing. I know that our legislator can be bought (that's why we also have lobbies here) but I'm sure that we'll have a major disaster using Pa$$port before it happens.
So, I don't worry about this.
-=-=-=-=
I know life isn't fair, but why can't it ever be un-fair in MY favor!?
The point is that when my boss says "pack your stuff, you're off to Japan for a week, and you leave in 3 days", I need to either keep a large amount of cash in my bank account so I can afford to stay in an expensive Tokyo hotel for 6 nights and pay for all my meals and other travel expenses, or I'd better have a credit card.
I'm sorry - what I meant was what's the point of them giving you a company card if it's not usable for company travel expenses? As far as spending a week in Tokyo, are you hiring? ; )
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
This is the same company that owns Hotmail, that well known porn spamming, personal info relay service.
And you want to give them your CC number?
A guy named Keith Henson responded to a thread joking about about firing Tom Cruise missles at a Scientology compound in California.
He was convicted of making terror threats and had to flee the country before he was sent to prison!
Hell, in CANADA the psychos sicced anti-terrorist police on him. And he is still trying to claim political refugee status so the Canadians don't deport him back to the U.S. to serve his sentence for adding to a joke.
So, careful: perhaps not in this instance, but in future ones, we are not allowed to speak, or joke, if the target is big enough and rich enough and fanatical enough.
A lot of people don't understand how the VISA system is organized or about it's creator Dee Hock. It's called chaordic business organization--it's like a trillion dollar co-op.
VISA itself is a business owned by no one--it's merely shared information between different banks and financial institutions. Yet VISA itself is an independent business that makes independent profits. "Hmm?" you ask? Ok, here's how it works: "VISA" collects a percentage of all transactions that move through the "VISA" network (almost 1.5 TRILLION dollars). Then, the total "commission", if you will, is equally distributed to each of the banks by VISA. So basically, the more a huge bank makes, the more the little subscriber gets. So of course even the tiniest bank wants to be a VISA person (to get a cut of the action), which increases VISA's (the company who no one knows) market share. You see what I'm getting at now, don't you? It's parasitic in a way, almost viral. Either you are on the bus/bandwagon/gravy train/etc. or off the bus/bandwagon/gravy train/etc.
Anyway, in a nut shell, what this means is that banks get to have a piece of the action of EVERY credit purchase made at ANY STORE that accepts VISA. They don't just move money for free, you know..
Anyway, now you can do it with your debit card, so they have a piece of the action for almost every CHECK purchase made. All of this goes into the banks' pockets.
And now, your computer's operating system will be able to do quick, convenient purchases while the New First Microsoft/Passport Bank, Ltd./all the other banks in the world collect a toll on EVERY ITEM you purchase online. This is just a cheap ploy by Microsoft to get a little more market share. Don't worry; the real enemy here is the BANKS, and you don't even see it.
Cheers.
Cool! Amazing Toys.
I think we have a point. What's the point on adding a single password to validate all transactions with all credit cards (as well as you hotmail login!)?
It's dangerous. For once, stores will have to pay to yet another company for the "service" yet take all costs (in case the password is stolen). And probably will open the door for bigger frauds ("hey, they had the password and credit card number!").
Also, it's really NOT like a signature. In real life you sign the piece of papers, it's you. But a single password is not even nearly as close.
What would be good is to have a really secure way that cards can't be exploited. This aint the solution, yet we'll have a hard time trying to get rid of it after it's proven unsatisfactory.
One time pads could be a solution (ie: kind of digital bill). We need good ideas...
unfinished: (adj.)
If I understand the system correctly, there is a surcharge of several percent on CC transactions. However, because of the card companies' agreements with merchants, merchants have to charge CC users the same price as people paying by other means. Merchants have to make the money back somehow, so they raise prices generally a little to cover it. Therefore, everybody who doesn't use a credit card is subsidising the people who are, and making the credit card companies a packet in the process.
In Australia, a government body called the Australian Competition and Consumer Commission, responsible for monitoring trade practices laws, is proposing a rule change to disallow "no-surcharge" clauses in card issuer-merchant contracts, so the people who actually use credit card service pay for it.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
Because I said something that didn't bash MS (note, it also did NOT praise MS, just said don't ignore them) I am modded as flamebait.
Blow goats moderator
isn't that there aren't hacks around the problem
just that there's a problem
one person one online identity
Hey, it's probably too late for you to see this response, but that's a damn good question - what's the point of having a company credit card if you can't use it for the one thing you need it for the most. I wish I knew...
A computer once beat me at chess, but it was no match for me at kick boxing -- Emo Phillips