Join the Community

22,060
Expert opinions
44,004
Total members
397
New members (last 30 days)
189
New opinions (last 30 days)
28,693
Total comments

Verified by Visa and MasterCard SecureCode

  0 3 comments

This week, the 2010 Financial Cryptography conference is being held in Tenerife. The papers to be presented are likely of interest to the Finextra audience. Unfortunately, most are not available online, but searching for the title might show up a copy on the authors' home page.

My paper at FC'10 is on the security of Verified by Visa and MasterCard SecureCode (i.e. the 3-D secure protocol). My co-author, Ross Anderson, wrote:

"Online transactions with credit cards or debit cards are increasingly verified using the 3D Secure system, which is branded as “Verified by VISA” and “MasterCard SecureCode”. This is now the most widely-used single sign-on scheme ever, with over 200 million cardholders registered. It’s getting hard to shop online without being forced to use it.

In a paper I’m presenting today at Financial Cryptography, Steven Murdoch and I analyse 3D Secure. From the engineering point of view, it does just about everything wrong, and it’s becoming a fat target for phishing. So why did it succeed in the marketplace?

Quite simply, it has strong incentives for adoption. Merchants who use it push liability for fraud back to banks, who in turn push it on to cardholders. Properly designed single sign-on systems, like OpenID and InfoCard, can’t offer anything like this. So this is yet another case where security economics trumps security engineering, but in a predatory way that leaves cardholders less secure. We conclude with a suggestion on what bank regulators might do to fix the problem"

Further comments about this paper can be found on Light Blue Touchpaper. Frank Stajano has also blogged about his paper, on using multiple channels to resist relay attacks.

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

22,060
Expert opinions
44,004
Total members
397
New members (last 30 days)
189
New opinions (last 30 days)
28,693
Total comments

Trending

Now Hiring