On Wednesday I was trying to buy train tickets for an upcoming trip to London.
So, I book the tickets, and get to point of being asked for my card details … tap tap tap … kapow … Up comes the Verified by Visa payment screen (in a stupid iframe [how do I know this isn’t a phishing site?]). Well, it displays my ‘username’ correctly – a terrificly hard to guess one of MRDAVIDGOODWIN… I enter my details and it keeps decling them. Hmm.. Fine… perhaps I’ve incorrectly stored the password – “oooh look – reset password…” *click* – “You want me to enter my date of birth… is that the ONLY security check you’re going to do? WTF??? ”
Grr.. Why do they bother….
See also http://www.lightbluetouchpaper.org/2010/01/26/how-online-card-security-fails/
Man, thats totally lame. Im just lost for words …. lame. I would have expected a company like Visa to have done better
Mmm I see a money making ploy here… I know your date of birth! I know your mother’s maiden name, the name of your first pet and school.
Kerching! ££££!
Candy – exactly. And so perhaps does half the world thanks to the like of facebook / social networking etc.
I’m just worried what the ‘vampire’ application will use all the data it had access to from people’s profiles for!