Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why "Verified By Visa" System Is Insecure

Posted by timothy on from the shifting-the-blame dept.

angry tapir writes "A widely deployed system intended to reduce on-line payment card fraud is fraught with security problems, according to University of Cambridge researchers. The system is called 3-D Secure (3DS) but is better known under the names Verified by Visa and MasterCard SecureCode. Steven J. Murdoch, a security researcher at the University of Cambridge, and security engineering professor Ross Anderson contend there are several flaws with 3DS. One of their main points is how 3DS is integrated into Web sites during a transaction — e-Commerce Web sites display 3DS in an iframe."

2 of 243 comments (clear)

  1. Re:Lol by tatsuyame · · Score: 5, Interesting

    It's not. I tried making a purchase on newegg, got the the Verified by Visa page, but the frame didn't show anything. Assuming that the purchase wouldn't go through, I tried making the same purchase on my other computer. Frame loaded, entered password, purchase went through. However, the first purchase went through, even though I never entered the password for that one. So yeah, I'm guessing it doesn't really do anything to protect you.

  2. Re:Welcome to 3 years ago by Threni · · Score: 5, Interesting

    My Visa card was declined constantly when I was over in the States (from the UK) on business. I phoned my bank and they said it was declined because a chip and pin device wasn't used. Of course it wasn't - they don't have chip and pin in the states. So my Visa card is useless abroad? No matter - I had a Mastercard, which worked perfectly. No prizes for guessing which I'll be using in future.