University of Cambridge security researchers Steven J. Murdoch and Ross Anderson have published a paper claiming that the 3D Secure system for online payment card fraud prevention fails to deliver on its promises and features several security flaws.
In a paper presented at the recent Financial Cryptography and Data Security '10 conference, the two scientists insist that the 3D Secure system – known under the brand names of “Verified by VISA” and “MasterCard SecureCode” – “does just about everything wrong”. Among the vulnerabilities listed by Murdoch and Anderson’s paper are the increased risks of falling prey to phishing attacks, as well as the fact that customers could end up being held liable in case of fraud.
“This is yet another case where security economics trumps security engineering, but in a predatory way that leaves cardholders less secure. We conclude with a suggestion on what bank regulators might do to fix the problem”, Anderson wrote in a blog entry prior to presenting the paper.
The Paypers is the leading news source for the payments industry. We keep busy payments professionals across the globe up-to-date. Our comprehensive news service covers topics such as online and mobile payments, and much more. We offer many different options allowing you easy access to our daily news coverage, such as emailed headlines, general or specific news feeds, website access, journal subscriptions, or customised solutions.
Please fill in the form below if you would like to receive the free The Paypers Headlines directly to your inbox. We will e-mail you the latest headlines daily or weekly.