02 February 2010

3D Insecure

Taking payments online? Were you strongly encouraged to implement a 3D Secure system like Verified by VISA or MasterCard SecureCode?

Partial image from the title sheet of the paper with the words 'Verified by Visa and MasterCard SecureCode: or, How Not to Design Authentication [by] Steven J. Murdoch and Ross Anderson [at] Computer Laboratory, University of Cambridge, UK http://www.cl.cam.ac.uk/users/fsjm217,rja14g'

A new paper from University of Cambridge Computing Laboratory describes how how online card security fails. It identifies a number of security weaknesses in 3D Secure and proposes that the economics of security have driven insecure implementations (like this), that are difficult to use, in order to move the risk to cardholders.

Ross Anderson's blog post links to comments about the paper elsewhere.

Posted on: 02 February 2010 at 08:07 hrs

Comments Comments (0) | Permalink | Send Send | Post to Twitter

Comments

Comments are filtered automatically and should appear shortly after they been checked.

Post a comment
Confirm acceptance and understanding of the terms of use
New posts to this thread will be sent to your email address
3D Insecure
http://www.clerkendweller.com/2010/2/2/3D-Insecure
ISO/IEC 18004:2006 QR code for http://clerkendweller.com

Page http://www.clerkendweller.com/2010/2/2/3D-Insecure
Requested by 50.16.17.90 on Friday, 24 May 2013 at 07:37 hrs (London date/time)

Please read our terms of use and obtain professional advice before undertaking any actions based on the opinions, suggestions and generic guidance presented here. Your organisation's situation will be unique and all practices and controls need to be assessed with consideration of your own business context.

Terms of use http://www.clerkendweller.com/page/terms
Privacy statement http://www.clerkendweller.com/page/privacy
© 2010-2013 clerkendweller.com