[clug] Verified by Visa
Nathan O'Sullivan
nathanosullivan at mail1.bris.mammothmedia.com.au
Tue May 12 02:39:06 GMT 2009
This scheme is known as "3-D Secure"; http://en.wikipedia.org/wiki/3-D_Secure has some background.
Regards
Nathan
----- "Michael James" <michael at james.st> wrote:
> Who has encountered "Verified by Visa"?
>
> Does it ring all your security alarm bells?
>
> It asks for your institutional internet banking password
> from a pane within the vendor's HTTPS site.
>
> If you have set your own Personal Authentication Message (PAM)
> it prompts with the phrase you selected,
> so it knows a secret it got from your bank.
>
> But given that the page you are being presented with
> is controlled by an un-trusted vendor,
> how can you be confident that the site
> hasn't done some man-in-the-middle trick
> to find and re-present your PAM?
>
> If you haven't set it, the PAM is something like,
> "Welcome to secure internet banking".
> And presenting that text will reel in hordes of suckers.
>
> At St George there is no way to divorce the password you must type
> to make a purchase using Visa, from your internet banking password.
>
> Specifically the password can't be:
> a one time password SMSed to your mobile (which would be
> brilliant).
> another password that you set along with your PAM.
>
> I'm shopping for another bank, anyone know a bank
> that allows a separate (preferably one-time) Visa password?
>
> michaelj
>
>
> --
> Well theme my KDE4 emoticons disgusted. What has Linux come to?
> Michael James clug3 at james.st
>
> --
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux