NNSquad - Network Neutrality Squad
[ NNSquad ] Re: Researchers fault 3-D Secure (3DS) online credit card system
Researchers fault 3-D Secure (3DS) online credit card system http://bit.ly/a1ygc6 (PC World) For a system that is supposed to improve security, its implementation leaves much to be desired: - When I first ran into it, I assumed that the merchant site had been compromised and abandoned the transaction. After poking around the net for a few days, I learned what was going on. - I then went to my account page at my bank and looked for a way to sign up. None. No mention anywhere. As far as the bank's web page is concerned, Verified by Visa doesn't exist. So, we have a "security" measure that presents itself like a bad compromise job, there are no public announcements or ads saying that the bad compromise job is really your bank (even if they would use other terms...), and the bank's own site pretends it doesn't exist. Can someone tell me why these people should be put in charge of protecting my money? Something that would be very useful is a way to set my account so that you can't use the Internet to transfer money out of it in any way coupled with a requirement to visit the branch in person to remove that setting. (Transfers by written check or authorized credit card transactions would be permitted, of course.) I really see no benefit to even having the ability to do electronic transfers out of my account for any other purpose: I've lived a more complex financial life than most people and have never needed this ability. So why is it on by default? ... I usually suggest that when there's a concern, secret questions should be answered with anything memorable other than the "real" answer. After all, is it really necessary to tell your bank that your first dog's name was: ... I once entered "zzz" for a response. The company later sent me an email message and asked if that really was the name of my dog. Seroiusly. Craig