Hacker News new | past | comments | ask | show | jobs | submit login

The worst thing about these programs is the liability shift. Normally the merchant is left on the hook for fraudulent transactions.

With VbV and 3DS that liability passes back to the credit card company. Since the credit card company doesn't want that liability, and obviously there are no security holes in their system, then only one person can be responsible for not taking adequate care of their card and security details. Yep, you the consumer (read your small print).

Hence, by signing up for any of these programs as a consumer, you are shooting yourself in the foot.

Added to which, the program has been shown to be insecure, since if you hold the card in your hand (i.e. you skimmed the card), you can/could simply choose to reset your password: http://www.alphr.com/realworld/373768/the-security-hole-in-v...




Thing is it is very difficult to not be signed up for 3D Secure/VbV/SecureCode. I've had friends who have gone through ludicrous arguments with banks to get them opted out from 3D Secure.


I have been unable to be opted out from 3D Secure. It just doesn't seem to be possible. The argument the credit card companies usually use is that they aren't forcing it on us; it's the merchants, who set a flag in the transaction saying they require it.

If you know how to opt out of it, I'd love to know.


It does seem to work that way, I'm sure I've signed up for Verified by Visa but I've only had to use it once or twice. Which makes me happy, because I hate it.


A friend of mine told me his bank let him opt out. He just pestered them a lot.


The implementation is up to the bank. My banks use 2-factor authentication solutions for 3DSecure (one has you put the chip in a special reader, the other uses a mobile app)

https://www.flickr.com/photos/kalleboo/2486214902




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: