Friday, January 29, 2010

Verified by Visa: "Textbook Example of How NOT to Design an Authentication Protocol"

In a TG Daily story, Emma Woolacott writes about the recent revelation that Verified by Visa and MasterCard SecureCode are NOT SECURE...

Credit card verification systems 'not secure'

Emma Woollacott | Fri 29th Jan 2010, 05:41 am

  • The Verified by Visa and MasterCard SecureCode credit card checks are fundamentally flawed, according to security researchers.




  • The 3-D Secure protocol, which underlies both, "might be a textbook example of how NOT to design an authentication protocol," say Steven Murdoch and Ross Anderson of the University of Cambridge Computer Lab.




  • "It ignores good design principles and has significant vulnerabilities, some of which are already being exploited. 



Disqus for ePayment News