|
| Register for our Free Newsletters |
|
 |
|
|
|
|
|
|
|
|
| Other Carouselweb publications |
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
Fixed password on 3D Secure may introduce vulnerability for users
|
|
Gridsure
: 24 September, 2008 (Technical Article) |
|
|
Gridsure warns of the use of fixed password systems for layered banking security as disclosure through key-logging may render the user liable to losses |
|
|
More than 25 million credit and debit card holders have registered to use the secure online payment system of 3D Secure - more commonly known as 'Verified by Visa' and 'Mastercard SecureCode'. A 600 per cent increase in the past two years.
While many will see this as a positive improvement for online security, GrIDsure, the developer of a revolutionary new approach to authentication warns that this extra layer of security may simply prove to be an added burden for consumers.
Jonathan Craymer, chairman of GrIDsure commented: "While any step to improve online security is always welcome, some may actually prove to be counterproductive due to their reliance on fixed passwords. It is disturbing that customers are now being forced to sign up to a system that may potentially leave them more vulnerable to identity theft than before. If a customer's password is used to commit fraudulent activity on their account, banks can now blame the customer for not protecting it sufficiently - a fact that many people are not informed of.
"Software such as spyware or key logging technology can render the extra layer of protection useless as a fixed password can be captured and compromised quite easily. The security of the system could be immediately improved by replacing these with one-time passwords or PINs. The cynical amongst us may argue that some financial organisations are simply concerned with shifting responsibility rather than improving security," continued Craymer.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
