A "gotcha" in online payment security

More than 25 million card holders have registered to use the 3-D Secure online payment system, which makes use of an XML-based protocol for an added layer of security for credit and debit card transactions. The service is more commonly known by the names “Verified by Visa” and “Mastercard SecureCode.” This rise is a 600 percent increase during the past two years and is seen as a positive improvement for online security. However, a challenge to the effectiveness of 3-D Secure has been raised by GrIDsure (developer of a different approach to authentication), which has warned that this extra layer of security may simply prove to be an added burden for consumers. Jonathan Craymer, chairman of GrIDsure, commented: “While any step to improve online security is always welcome, some may actually prove to be counterproductive due to their reliance on fixed passwords.
It is disturbing that customers are now being forced to sign up to a system that may potentially leave them more vulnerable to identity theft than before.” He said that with the 3-D Secure system, a customer's password can be used to commit fraudulent activity on their account, and banks can now blame the customer for not protecting it sufficiently. Many people are not aware of this. “Software such as spyware or key logging technology can render the extra layer of protection useless as a fixed password can be captured and compromised quite easily. The security of the system could be immediately improved by replacing these with one-time passwords or PINs. The cynical amongst us may argue that some financial organizations are simply concerned with shifting responsibility rather than improving security,” Craymer said. A request for comment to Visa was not answered.