Slashdot Mirror

← Back to Stories (view on slashdot.org)

MS Passport and... Visa

Posted by ryuzaki0 on from the brobdignagian dept.

HeUnique writes "Well, people have seen it coming. According to this story Microsoft is extending the Passport authentication system to process Credit card payment (currently: Visa and MasterCard) through a deal with Arcot Systems. Of course, with the ever-changing privacy terms that some companies keep changing without notifying their user - it won't take much long until they'll take your credit cards info for 'verification' and who knows what they'll do with it.. sigh.." In a nutshell: "Microsoft and Arcot plan to offer, later this fall, a service that will let banks require computer users to type in their Passport username and password to authenticate Visa or MasterCard credit cards." Take the word "require" in that sentence with a grain of salt, I guess. Favorite quote: "People will start trusting the system now that it's linked to credit cards." Sure.

12 of 431 comments (clear)

  1. Its HOW they tell us... by acroyear · · Score: 5, Informative
    Of course, with the ever-changing privacy terms that some companies keep changing without notifying their user - it won't take much long until they'll take your credit cards info for 'verification' and who knows what they'll do with it.

    No, they do inform us of changes, as they are often required to do so by laws of various states...Trouble is, they're allowed to change them and tell us later, by 4th class snail mail, taking 2-3 weeks to get to us, by which time its too late to re-file a complaint or a protest before they've already sold our info off.

    --
    "But remember, most lynch mobs aren't this nice." (H.Simpson)
    -- Joe
  2. New Passport Slogan by Anonymous Coward · · Score: 5, Funny

    Linux Redhat: $59
    AOL Account: $20 a month
    Contribution to OSS fund: $1000

    Charging it to Bill Gates Credit Card: Priceless

    There are some rights money can't buy.
    For everything else, there's Microsoft Passport.

  3. What's next ? eBay ? by selderrr · · Score: 5, Interesting

    I'm really wondering when MS is going to buy a large content provider and force Passport upon us. eBay, or Amazon. They're both in the red, so should be purchaseable for a giant like MS.

    I've really wondered many times why MS doesn't drop it's dollar weight on passport.. Compared to the XBox, they've invested practically nothing in passport !

    --
    When will I end this grieving ? When will my future begin ?
    1. Re:What's next ? eBay ? by chicagothad · · Score: 5, Informative

      Ummmm.... Ebay is making money:

      Yahoo! Financials on Ebay

  4. Time for a new CC vendor? by Beautyon · · Score: 5, Informative

    Many companies have their own branded credit cards. I wonder how many people here carry VISA / Mastercard / Amex?

    If anyone doesnt like what these companies are doing, there is always an alternative.

    People use credit cards because the massive lapses in security are never properly publicised and also, whenever someone steals from their card, they get the money refunded.

    Basically, they have nothing to loose, and like I said, if they want privacy, there are many ways to achieve this, PrivateBuy being just one.

    --
    ATH0 Bitcoin: 1DnwFLXczVZV8kLJbMYoheUrpqHesjxrSi
  5. Over inflated numbers by (trb001) · · Score: 5, Interesting

    According to research firm Gartner, the service has about 14 million registered users.

    <sigh> I have to wonder if they're including the hotmail users in this number, since signing up for passport and hotmail are linked. If so, this number is hugely overinflated...the number of people actively using passport is way smaller. Too bad, companies may read this and decide it's a great way to reach a large audience.

    --trb

  6. Simple by unformed · · Score: 5, Interesting

    Any bank which requires me to have a Passport account won't get my business. The one thing about capitalism is that you -can- force unwanted business to end, simply by going to their competitors.

    Of course, people are going to say that we don't want the RIAA/MPAA/??AA/etc but as a matter of fact, general society does, and we -do- still support them (by seeing movies, buying cds, etc) ... the other difference is that they're a monopoly.

    OTOH, no bank has a monopoly. As soon as Passport gets picked again, and credit cards numbers are out, people won't use it, and will demand a different method. (Note: viruses on desktop computers don't matter to people, because the general public doesn't store crucial data on their home computers) --

    As soon as people start demanding non-Passport methods of authentication, banks -will- provide.

  7. Mobile payment does it already. by Saggi · · Score: 5, Interesting

    In Denmark some of the major telecompanies have just released a method where you can pay with your mobile number. In this case you register your credit card to your mobile phone. When you want to do a purchase, you type in the mobile number (more easy to remember), and the system verifies it by sending a SMS to you phone that you'll need to verify by typing in a pin-code.

    Now this is a very secure way of doing business. Of cause no system is 100% secure. But in the same manner as the passport solution, you still need to register your credit card to a database, connected online, that can be contacted by the merchants. Sound similar to me.

    Of cause you still have the additional security of the SMS and the pin code and Microsoft don't have the best reputation when it comes to securing their systems. But it still gives time for thought.

    --
    -:) Oh no - not again.
    www.rednebula.com
  8. Re:Trust? by Fizzlewhiff · · Score: 5, Interesting

    I trust my VISA (and credit card companies in general), because they tend to work in my interest and take care of me when I have bonafide problems with unauthorized usage and such. I have zero trust in Microsoft

    I used to work for the second largest Visa issuer. We tracked every thing a cardholder did. We knew your spending habits and what you liked to buy. We knew when you were on vacation and when you fooled around on your wife. We sold this information to advertisers and gave it to other ventures within our corporation. Sometimes we'd even turn it over to the Secret Service. Every cardholder had an agreement similar to a EULA. We changed it all the time, raising rates and fees to our benefit. By using the card you were bound to the agreement.

    Essentially we did the same thing you say Microsoft does, and maybe even a little more, yet you trust Visa over Microsoft. Interesting.

    --

    'Same speed C but faster'
  9. Learn how it works first, bitch later. by friday2k · · Score: 5, Informative

    This is known as 3D Secure or verified by Visa. Just because MS is offering the client piece (and this is what they do) they do not have access to all your personal information. Here is how it works: When you choose to pay through 3D Secure you enter your credit card # at the merchant, the merchant talks to his acquirer, the acquirer figures out whether the Issuer who gave you your credit card is enrolled in 3D Secure (by talking to the so-called Visa directory) and then they redirect you to the Issuer of your credit card. Now the Issuer (and last time I checked MS is NOT an Issuer) will have to identify you. This is where Passport comes into play. Passport does the auth piece for you (Kerberos in Passport's case if I am not mistaken) and sends the ticket to the Issuer. The Issuer compares whether the auth piece and the CC number match and generates a response token for the merchant. This response token gets transmitted back to the merchant (by the means of standard passport auth I suppose), the merchant takes this response token and sends it to his merchant acquirer. The merchant acquirer now sends it through the Visa Directory back to the Issuer and the Issuer compares whether this is a replay or whether this is a valid token. If it was a valid token the transaction is authorized. So, bottom line is, Passport is the authentication piece. Whether you trust MS Passport or not is one thing, but they do not get access to your CC data. And by hijacking a passport you still cannot go shopping on behalf of the account owner. Check your facts guys.

  10. passwords nolonger CaSeSeNsItIve by emptybody · · Score: 5, Informative

    I discovered recently that hotmail and, in fact, all passport sites are nolonger case sensitive when it comes to passwords.

    This rather bothers me.
    It used to be that I had to use the proper case to login. Somewhere along the way, microsoft did something to change my password (which I had assumed was stored encrypted) to make case insensitive.

    --
    comment directly in my journal
  11. I disagree by MemeRot · · Score: 5, Interesting

    If you're set to 'always sign me into any passport site' then when you go to a passport site after having earlier checked your hotmail account, you find yourself automatically logged in, whether you actively wanted to use passport there or not. For a long time I visited no passport sites other than hotmail, and it never affected me. Now there are a couple I go to, and at first finding myself automatically logged in as whatever identity's email I happened to check last was really disconcerting. I have several hotmail accounts, but the whole passport thing is based on the assumption of one computer, one person, one identity. I feel like I should be able to be logged in at msdn.microsoft.com using my work/business hotmail account, while still reading email from one of my personal hotmail accounts. Can't do it. Even though they're separate sites, they completely identify you by your passport cookie, so you can only be one 'identity' to all of them. If passport verification starts popping up all over the place, other people will run into this issue too.