The Underscore Archives

On Tue, 2007-12-04 at 20:22 +0000, Tom Gidden wrote:

> I'm not an eCommerce or financial security expert, but I'm sure Visa  
> and Mastercard could come up with something a little more secure.   
> Maybe a USB key that reads the card Chip and provides a decent secure  
> authentication channel tunnelling through the client computer, browser  
> and third-party website; or generates a one-time key for authorising a  
> payment.  I'd happily pay, say, £30 for such a doodat if I could then  
> lock down my accounts to disallow all non-authenticated transactions.

The last thing a bank wants to do is to support a device on an account
holders computer , the tech support would be horrendous. 
Also , most importantly , if someone broke it then the banks would be
100% liable[1], they can't afford to do that and deliver affordable
merchant rates. 

I was working at metacharge when they implimented 3d secure on their
systems , the banks make each transaction cheaper if you use 3d secure.
Why ? because liability is expensive and 3d secure changes the risk 
model enough to allow price breaks from their underwriters. The less
risky you are the cheaper your merchant services become.

This has to be sold as major technical enhancement to but
really its just a slight improvement to security and a bigger boost to
the credit card companies image of security.

Toodle-pip
Amias

[1] unless an open source solution was developed but i can't see the
banks getting behind that one anytime soon. would be cool tho.