Thursday, February 04, 2010

Verified by Visa: "Terrible Security"

StoreFrontBackTalk reports: At a presentation at the Financial Cryptography and Data Security conference, a Cambridge University computer lab team dissected the recent 3-D Secure (3DS) protocol—branded as Verified By Visa and MasterCard SecureCode 5. The team found that not only was the security lacking, but it sharply undermined other security mechanisms.

“3-D Secure has so far escaped academic scrutiny, yet it might be a textbook example of how not to design an authentication protocol,” wrote Cambridge University’s Steven J. Murdoch and Ross Anderson. “It ignores good design principles and has significant vulnerabilities, some of which are already being exploited. It’s bad enough that EMV Verified by Visa and MasterCard SecureCode 5 have trained cardholders to enter ATM PINs at terminals in shops. Training them to enter PINs at random E-Commerce sites is just grossly negligent.”

Click HERE to read the entire article.

No comments:

Web Analytics