In unrelated news, a widely deployed system intended to reduce on-line payment card fraud is fraught with security problems, according to University of Cambridge researchers. The system is called 3-D Secure (3DS) but known better under the names Verified by Visa and MasterCard SecureCode. Implemented and paid for by e-commerce vendors, the systems require a person to enter a password or portions of a password to complete an on-line purchase. As a reward for investing in the systems, merchants are less liable for fraudulent transactions and are stuck with fewer chargebacks. But banks such as the Royal Bank of Scotland are now holding consumers to a higher level of liability if fraudulent transactions occur using either system, said a security researcher at the University of Cambridge. That is despite what the researcher and a security engineering professor contend are several flaws with 3DS.
Security Magazine’s online archive has additional information on cybersecurity issues. Go to www.securitymagazine.com