The Underscore Archives

On 4 Dec 2007, at 19:11, theUKdude wrote:
> slip of paper. Yet everyone is used to it now, and would probably  
> sneer at
> those (few) shops who haven't adopted this format (God, I have to sign
> something!!!). This will be the same, I assure you ... in a short  
> space of
> time.

Unfortunately neither the 3D Secure or PIN systems are designed to  
primarily benefit the customer.

They were both introduced to move liability away from the card issuer  
(bank) and merchant (shop) and onto the customer.

The PIN system is an ideal example: you used to be fairly safe in the  
knowledge that you'd only need to type your PIN into safely obvious  
cash machines. Now, you're expected to tap it into any old keypad  
handed to you. (If you were after it, it would not be hard to point a  
CCTV camera at the device, or even fashion a device that looked like a  
normal PIN machine but just actually recorded the number for later  
abuse.)

Same goes for the 3D Secure password mentality, yeah, you're only  
asked for a few letters (some banks still ask for the whole password)  
but most people's passwords are going to be names of their pets /  
children / whatever. Not hard to guess...

-jonathan