January 29, 2010 | Digital Security

It seems that, anymore, Visa is increasingly encouraging credit cardholders to use their “Verified by Visa” program, in which you’re supposed to enter a secret code to confirm that it’s really you using a credit card number.

The problem is, it’s insecure.

The system is properly called 3-D Secure (3DS) but it’s called Verified by Visa and MasterCard SecureCode by the two card corporations.

Here are some of the problems found by Cambridge researchers Professor Ross Anderson and Steven Murdoch:

• 3DS is shown in an “inline frame” or IFRAME HTML element. The problem with that is that the content for that frame is coming from a different website than the merchants, and it’s hard for users to verify its authenticity because you can’t see the URL it’s coming from.
• The system allows setting of a password directly on a merchant site with activation during shopping (ADS). Your identity is confirmed with a piece of information like birth date, which is commonly available.
• That also means the password can be reset with birth date or other commonly available information.
• It’s also vulnerable to phishing attempts.

Since users have to agree to be responsible for use of the card if they participate in Verified by Visa, banks are less likely to do chargebacks, and are more likely to put blame on the user if there is fraud.

My comments

I had been sort of suspicious of how well these systems worked, but thanks to these Cambridge professors, now we know. In fact, there’s probably no other way we’d know because the terms of these programs actually prohibit you from reverse-engineering or tinkering with the 3DS system in any way.

Moral: Don’t think your card is impenetrable just because your banks says so.

I think it’s good to have a separate, low-limit card for general Internet transactions.

Resources

PCWorld article
Register article
Cambridge University paper
Financial Cryptography and Data Security Conference
http://en.wikipedia.org/wiki/3-D_Secure
http://www.visa.com/verifiedbyvisa/

If you liked this article

If you liked this article, don’t forget to subscribe for updates!

Get updates by RSS (What’s RSS?)

Subscribe by email:

Follow me on Twitter

Top Incoming Search Terms

"verified by visa" insecure cambridge verified by visa problems digitivity wiki firefox visa verification problem google chrome and securecode problem google verified vise google verify visa insecure director tinkering with insecured by visa installing inline frame for verified by visa is it good to get a mastercard securecode java verified visa kreditkarte plugin veified firefox limit problem securecode mastercard loptop iphone verifiedbyvisa master visa card source code mastercard secure # digit mastercard secure code problem mastercard secure virus mastercard securecode firefox problems mastercard securecode insecure mastercard securecode problem mastercard securecode virus mastercard securecode wiki pares verified by visa decoder web app problem verify visa problem with verified by visa program problems with vertify with visa ross anderson card code ross anderson securecode secure code mastercard photo secure master card code securecode google chrome securecode visa securecode wiki vbv decode pares verified by mastercard verified by mastercard not working verified by visa and mastercard secure code for developer verified by visa chrome verified by visa google chrome verified by visa inline frame in php verified by visa insecure verified by visa issues verified by visa mastercard verified by visa problem verified by visa problem google chrome mac verified by visa problems verified by visa+wiki verifiedbyvisa plugin verify by visa problems virus securecode visa secure code visa securecode visa verification code visa verification problems wiki securecode wiki verified visa

Related posts:

1. Google Releases Skipfish Automatic Website Security Scanning Tool Google released a free website scanning tool called Skipfish. Skipfish...
2. How to Install Google Skipfish on Ubuntu Linux Skipfish is a new security scanning tool from Google that...
3. How to Install Java on Windows Java is an application environment (like, in a way, .NET,...
4. How to Install Miro Podcast Viewer on Windows Miro is a free and open source podcast viewer for...
5. My Windows XP Gets Virus Infected I got hit badly with some nasty viruses which ultimately...

Explore related content: MasterCard, MasterCard SecureCode, Ross Anderson, security, Steven Murdoch, Verified by Visa, Visa

9 Responses to “Verified by Visa (and MasterCard SecureCode) Is Insecure”

1. Spielautomaten says:

   December 17, 2011 at 10:04 am

   excellenta tilico mi rovevel te gramovamo arias fúposondu. adincia te eiteala mader nos nafir o camivado morer mosilhir bien.
2. Antwan Fotopoulos says:

   February 3, 2012 at 11:48 am

   I carry on listening to the reports talk about getting boundless online grant applications so I have been looking around for the finest site to get one. Could you advise me please, where could i acquire some?
3. Hanna Arnaldo says:

   February 3, 2012 at 7:51 pm

   Great article and straight to the point. I am not sure if this is really the best place to ask but do you folks have any thoughts on where to hire some professional writers? Thanks in advance
4. Keira Phelp says:

   February 4, 2012 at 12:29 pm

   wonderful submit, very informative. I wonder why the opposite specialists of this sector do not understand this. You must proceed your writing. I’m confident, you’ve a great readers’ base already!
5. Official says:

   February 11, 2012 at 2:30 pm

   Really thank you giving point of view I answer in my lang Alors nous pouvons dire que l’assistance informatique et le depannage informatique represente un bel avantage reel tous utilisateurs de PC pationnes d’electronique auront l’opportunite d’avoir des denouements aux embetements techniques relatif a windows server, aux logiciels et a la box internet commpe pour le web et les imprimantes laser, leur camera comme pour le disque dur et l’ensemble du materiel micro-informatique
6. Ronald Bevilacqua says:

   March 11, 2012 at 10:07 pm

   Thanks for the post. My partner and i have constantly observed that the majority of people are needing to lose weight as they wish to look slim and also attractive. However, they do not usually realize that there are additional benefits so that you can losing weight as well. Doctors assert that over weight people have problems with a variety of health conditions that can be perfectely attributed to the excess weight. Thankfully that people who’re overweight and suffering from several diseases can reduce the severity of their own illnesses through losing weight. It is easy to see a progressive but noted improvement in health as soon as even a negligible amount of losing weight is accomplished.
7. film watch says:

   May 10, 2012 at 11:04 am

   I am only writing to let you be aware of what a nice encounter my cousin’s princess developed going through your webblog. She realized too many details, which included what it’s like to possess a wonderful helping style to make the others clearly fully grasp some grueling subject matter. You undoubtedly did more than our own expectations. Many thanks for providing such valuable, trustworthy, edifying and in addition easy tips on that topic to Gloria.
8. Rick Billings says:

   May 12, 2012 at 4:15 am

   Hi there very nice website!! Man .. Beautiful .. Wonderful .. I’ll bookmark your blog and take the feeds also?I am glad to search out a lot of useful information right here within the put up, we’d like develop more techniques on this regard, thanks for sharing. . . . . .
9. Dubai says:

   May 15, 2012 at 5:33 pm

   click to read…

   [...]the time to read or visit the content or sites we have linked to below the[...]…