Fraud liability part of payment system
2010-01-29 03:25:42
A widely deployed system intended to reduce on-line payment card fraud is fraught with security problems, according to University of Cambridge researchers.
The system is called 3-D Secure (3DS) but known better under the names Verified by Visa and MasterCard SecureCode. Implemented and paid for by e-commerce vendors, the systems require a person to enter a password or portions of a password to complete an on-line purchase.
As a reward for investing in the systems, merchants are less liable for fraudulent transactions and are stuck with fewer chargebacks.
A security researcher and engineer professor at the University of Cambridge contend there are several flaws with 3DS. One involves the use of unidentified information during the transaction, a common practice employed by malicious websites. Another problem is the continued use of passwords and user-supplied authentication credentials, which are subject to being acquired by thiefs.
Eagleye offers a revolutionary breakthrough to protect organizations from phishing, identity fraud, and malicious attacks. Eagleye adds an entirely new security layer to detect the real identity of visitors to a website before fraud occurs.
Learn more about Eagleye
PCWorld
