Thursday, May 3, 2007

Phishes and loathes...

This post by Pascal Meunier over at CERIAS is well worth reading if you use a Visa credit card to make purchases online and the vendor uses the "Verified by Visa" program. The basic problem is that Visa's program presents itself like more of a phishing attempt than a legitimate fraud prevention tool. Worse than that, I think, is the fundamental implementation problems that Pascal notes in the update at the bottom of the article. Does anyone even test this stuff?

Update:
On the subject of phishing, it seems that banks and credit card companies still don't get it. I can find countless examples of unexpected emails from my banks that, from what I can tell are completely legitimate, but are full of "click here" and "login" links - the kinds that train the not-so-careful users to fall for phishing attacks in the first place. Maybe it's time I jumped on the ASCII ribbon campaign..

No comments: