Last year around this time, I was shouting against the unsecure practices in credit card payments. A couple of friends had told me how “Mastercard SecureCode and VerfiedByVisa” are propping up to take care of this matter.
Needless to say, its a pathetic experience as long as security is concerned. I could set my password during shopping (one would expect logging into a bank or CC account on the bank site for such stuff) with very little information provided for my identification.
My wife has an add on card. She had no idea I had kept any password, and was able to reset and override my password while she was shopping. What a waste!
And around August, these stupid, stupid norms of SecureCode and VBV were mandated for all online payments in India, instead of asking the companies to build something secure rather than just building a database and calling it “securiteeee!”
Fortunately, I don’t have to rant much more. Ross Anderson has published an awesome research paper on this mess that pretty much covers most if not all aspects of this pile of stink. Hope this will someday be read by RBI here in India