My South African bank has a nice, highly effective, easy to implement, widely available, cheap, and easily solution that doesn't eliminate fraud, but certainly minimises its effects.
Whenever I use my (VISA) debit card, I get an SMS with the date, time, amount and location. I, maybe, in a week, make 20 card transactions, so the cost is 50c/week max to the bank buying in bulk.
If I see a transaction I don't recognise, I phone the bank.
compared to all the mostly wasted investment in PCI (including all the requirements that weaken rather than strengthen your website's security), the phishing friendly bullshit of Verified by VISA etc, it works like a dream.
Slashdot Mirror
My South African bank has a nice, highly effective, easy to implement, widely available, cheap, and easily solution that doesn't eliminate fraud, but certainly minimises its effects. Whenever I use my (VISA) debit card, I get an SMS with the date, time, amount and location. I, maybe, in a week, make 20 card transactions, so the cost is 50c/week max to the bank buying in bulk. If I see a transaction I don't recognise, I phone the bank. compared to all the mostly wasted investment in PCI (including all the requirements that weaken rather than strengthen your website's security), the phishing friendly bullshit of Verified by VISA etc, it works like a dream.