Security researchers knock 'Verified by Visa'

Credit-card authentication system teaches online shoppers risky habits because it doesn't display visual markers, such as a color-coded browser bar or "https," researchers say.

The "Verified by Visa" credit-card authentication system has come under criticism from Cambridge University researchers, who say it is training online shoppers to adopt risky security habits.

The feature, which is used to authenticate online financial transactions, confuses people by not displaying security cues, security engineering researchers Ross Anderson and Steven Murdoch said in a paper (PDF) published Tuesday.

The protocol underlying Verified by Visa, as well competitor MasterCard's SecureCode service, is 3-D Secure (3DS). The protocol is implemented as an iframe pop-up box, said Anderson. The pop-up does not display any commonly used markers, such as a color-coded browser bar or "https" in the URL, that demonstrate the box has been secured using the Transport Layer Security protocol. Because of this, online buyers have no visual verification that the box is a valid part of the credit-card transaction.

Read more of "Cambridge researchers knock Verified by Visa" at ZDNet UK.

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Roku 4: Our favorite TV streaming system gets 4K video and a remote locator

Ever lose your remote in the couch cushions? Ever wish you could stream 4K Netflix without having to use your TV's built-in app? Roku's new high-end player, the $129 Roku 4, brings these new extras to its best-in-class streaming ecosystem.

by David Katzmaier