24 January 2018
visit www.ebaday.com

Cambridge scientists blast 3-D Secure system

27 January 2010  |  13999 views  |  0 Online Buy and sell button

The 3-D Secure protocol adopted by banks and card schemes under the Verified by Visa and MasterCard SecureCode banners has been branded by Cambridge University academics as "a textbook example of how not to design an authentication protocol" by ignoring good design principles and presenting "signifi cant vulnerabilities".

In a paper submitted to the Financial Cryptography Conference in Tenerife, Spain, Cambridge researchers Ross Anderson and Steven Murdoch say 3-D Secure has "lousy technology", but triumphed over better authentication schemes by getting the economics right.

The protocol has been widely adopted by online merchants, many of which insist on using it for card authentication at the check-out. Strong economic incentives have fostered the practice by pushing liability for fraudulent transactions back on to merchants who refuse to participate. As a consequence, the scheme now has hundreds of millions registered users.

Ross and Anderson say inconsistent implementation at the merchant and bank end confuses customers and undermines standard industry advice on phishing avoidance. Verified by Visa has also been shown to be vulnerable to criminal attacks as the password can easily be reset by simply knowing a cardholder's card details and date of birth.

The Cambridge researchers suggest a number of alternative technical approaches to improve the scheme and are calling on the EU and bank regulators to step in and intervene on behalf of consumers. Further details and links to the presentation can be found here in a blog post by Finextra Community member Steven Murdoch.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Researchers crack e-banking card readers

Researchers crack e-banking card readers

27 February 2009  |  16282 views  |  13 comments
Apacs talks up take-up of online card security schemes

Apacs talks up take-up of online card security schemes

22 September 2008  |  9158 views  |  0 comments
A&L adds MasterCard and Visa authentication to e-bill site

A&L adds MasterCard and Visa authentication to e-bill site

27 June 2008  |  6707 views  |  0 comments
Phishers take aim at MasterCard SecureCode

Phishers take aim at MasterCard SecureCode

10 April 2008  |  22754 views  |  0 comments
PIN devices vulnerable to 'tapping' attacks, researchers warn

PIN devices vulnerable to 'tapping' attacks, researchers warn

27 February 2008  |  11352 views  |  0 comments
Researchers warn of Chip and PIN relay threat

Researchers warn of Chip and PIN relay threat

06 February 2007  |  19444 views  |  0 comments
Game over for Chip and PIN?

Game over for Chip and PIN?

05 January 2007  |  16223 views  |  0 comments
Visa explores compulsory VbV registration

Visa explores compulsory VbV registration

07 January 2005  |  6829 views  |  0 comments
Cambridge researchers expose cash machine security flaw

Cambridge researchers expose cash machine security flaw

24 February 2003  |  6665 views  |  0 comments
visit www.capgemini.comvisit www.vasco.comvisit www.ebaday.com

Top topics

Most viewed Most shared
Banks shift priorities toward growth, digitisation and innovation - surveyBanks shift priorities toward growth, digi...
9830 views comments | 38 tweets | 48 linkedin
Standard Chartered establishes fintech innovation and investment unitStandard Chartered establishes fintech inn...
9512 views comments | 14 tweets | 14 linkedin
Sbanken opens developer portal and invites customers to build their own digital bankSbanken opens developer portal and invites...
8548 views comments | 17 tweets | 11 linkedin
Could distributed ledgers restore the reputation of the MBS market?Could distributed ledgers restore the repu...
7062 views comments | 6 tweets | 9 linkedin
Metro Bank joins digital revolution with instant online account openingMetro Bank joins digital revolution with i...
7044 views comments | 13 tweets | 25 linkedin

Featured job

Competitive
New York, NY - USA (some flexibility on location)

Find your next job