I think I would prefer using a browser. At least you can do somePerhaps it could be produced by the banks and supplied directly to
their customers. Everybody trusts banks, don't they?
Which means that 3D Secure is fundamentally broken, as the vast majorityChris said:be enhanced. For the vast majority doing that kind of thing is way
above them and hell will freeze over before they come close to
understanding those kind of issues. Ordinary people just want to shop
online without having to fry their brains to make sure what they're
doing is safe.
Only if it ran on dedicated hardware. The security needed for theMike said:The only sensible solution (AFAICS, knowing not much about it) is to
abandon this idea of using a general-purpose browser for financial
transactions. A dedicated program would be rather easier to secure,
In terms of achieving the objective of the bank, to be able to deny theMark said:But we need to move away from simple schemes and use something a lot
more secure that does not just rely on "something you know".
I wonder if it might be possible for the banks to provide access toIn terms of achieving the objective of the bank, to be able to deny the
possibility that it wasn't you that made the transaction, the card
reader based system used by some banks would be better. The critical
processing for that is performed on a tamper resistant system, the card
I'm not sure that I would trust PayPal all that much more than I wouldYour right - Im an ordinary user and have no idea what you guys are
talking about - I would think along with a great majority of others!! I
have seen the Verfy by Visa box a couple of times and each time never
got through the Visa system successfully even though I give all this
information which makes me feel very uncomfortable - especially as the
transaction isnt successful. A real PITA!
So I use PayPal exclusively and just wont buy from any website that
doesnt use it!
With PayPal, you can, at least, verify that you are sending you passwordDavid said:I'm not sure that I would trust PayPal all that much more than I would
Veriphied by Visa.. :-(
They are actually both operated by the same company.Since Veriphied by Visa (and its twin, MasterCard SuckerCode) was
introduced, I've actually done much *less* online purchasing, as I refuse
I don't believe you can pre-pay PayPal from plastic. I think you haveFrom what you say above, PayPal (obviously) doesn't use 3D-Insecure at
the time you pay for goods, but is it possible to credit your PayPal
account without falling into a VbV/MCSC spiked pit trap at that point?
More sites accept it than advertise the fact. I managed to arrange aWhat I don't understand is why more sites don't allow payment by bank
It is the only method in some cases. I had to find another suppliertransfer (It's much more common as a method of online payment in
countries where credit cards are less common, such as Germany). With
Well I know what you mean! But I had already tried out PayPal with aCharlie+ wrote in uk.finance
about: Re: Illegal activities of Equifax through Verified by Visa crap
I'm not sure that I would trust PayPal all that much more than I would
Veriphied by Visa.. :-(
Thats of interest - if something raises a suspicion while doing aWith PayPal, you can, at least, verify that you are sending you password
to them, without going through hoops, even if even what is needed to do
that is too difficult for the general public.
Check that the address displayed at the top of the browser window beginsCharlie+ said:On Wed, 07 Mar 2012 07:23:34 +0000, David Woolley
Thats of interest - if something raises a suspicion while doing a
transaction it would be ueful to know how to check that the PayPal page
is genuine, could you give simple instructions as to how to achieve
To get further confidence, in case some trick has been played to make aMike said:
Thank you, that is very helpful information! Im afraid laziness withTo get further confidence, in case some trick has been played to make a
different URL look right, or a certificate has been obtained from one of
the weaker certifiers trusted by the browser, you should also check the
certificate (lock icon on Firefox). It should be issued to Paypal Inc
(Organization) and should be signed by VeriSign Class 3 Extended
Validation SSL CA (Common Name). If you look at the details, it should
have PayPal's business address in the details.
The certificate should have current dates.
With recent versions of Firefox, the address bar should turn green. This
indicates that the certificate is one where there is a relatively high
level of certainty that the signer has correctly authenticated the
identity of the site. Note that VeriSign issue certificates with
varying levels of authentication. For financial payment services you
want their class 3 certificates, or one of a similar level from one of
the other reputable signers.
The signer may change in the future.
Noting the subject of the this thread, I would point out that, by
default, Firefox trusts Equifax to authenticate web sites! Anyone who
is paranoid about Equifax should probably disable those certificates,
although that will deny access to some web sites.
7 March 2012 Last updated at 09:43 GMTThe problem is that VbV is insecure:
Cahoot used to do one. but it appears they no longer issue it.It is interesting to note that a lot of europe has one-use credit card
numbers for online purchases.
The credit card number lives for the duration of the transaction, and
that is it. It would be quite useful re domestic cost centres, medical
bits, IT spending, food spending, DIY project X, DIY project Y.
Credit cards could actually vanish, but that is another post...
Flop said:The problem is that VbV is insecure:
Why anyone should use a pop-up - the most dangerous carrier of viruses -
is beyond me
ps if you are using Firefox, you need to 'accept all third party'
cookies in Tools/Options/privacy. Another great loophole for security!!
I presume they are using the contents of the credit history file that,7 said:You go to Equifax web site and there is nothing
on their crap broken site about registering a complaint. They just want
to sell you credit reports. ****** their credit reports, just put
up a link for verified by visa crap complaint and then we'll see.
I am going to demand under the data protection act
they divulge all the questions they are ever likely to ask
and all the answers they have recorded against those questions
for the given card.
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.
|Verified by Visa?||13|
|Verified by Visa - is this optional???????||38|
|Verified by VISA - Compulsory?||11|
|Is it worth going for Verified By Visa||29|
|Verifying Verified By Visa - Registration breaks chain of trust||20|
|Verified by Visa: tied to the card-number or to the account?||11|
|USA Pass through Expense||0|