The Underscore Archives

On 4 Dec 2007, at 20:09, theUKdude wrote:
>
> This is correct, you need to be signed up to it.

...and have you noticed how little info is needed to sign up to it?  I  
had to initialise MasterCard SecureCode on a previously unused card  
the other day, and it just asked me for the Card Number, Expiry, CVV2  
and my date of birth.

Shockingly low requirement, if you ask me.  It should have required a  
unique code posted to me and a verification phone call.

Personally, I think credit card verification is one of the few things  
that might be worth building into the browser and OS, or ideally  
hardware, rather than being implemented just as a secure site.  I'd  
like proper client-side biometrics and physical card access rather  
than this idiot letters from a password thing, or the even dumber PIN  
idea.

I'm not an eCommerce or financial security expert, but I'm sure Visa  
and Mastercard could come up with something a little more secure.   
Maybe a USB key that reads the card Chip and provides a decent secure  
authentication channel tunnelling through the client computer, browser  
and third-party website; or generates a one-time key for authorising a  
payment.  I'd happily pay, say, £30 for such a doodat if I could then  
lock down my accounts to disallow all non-authenticated transactions.

Tom

-- 
Tom Gidden
http://gidden.net/tom/