Resurrection of 3D Secure (VbV/SecureCode)
8 views
Skip to first unread message
Anders Rundgren
Aug 9, 2013, 2:24:13 AM8/9/13
to icf-m...@googlegroups.com
Dear List,
As you probably know the big credit card networks already back in 1999 launched a "Web Payment" scheme called 3D Secure.
Nowadays it is known as VbV (Verified by VISA) and SecureCode (MasterCard's variant).
Short description:
- The payment request (from the merchant) is routed (redirected) to the card issuer.
- The issuer performs an extra authentication step for the cardholder which results in a signed card holder authenticity response which gives the merchant assurance that the payer is legitimate.
3D Secure system is mandatory in Scandinavia but have without exception being ignored by US e-tailers. IMO, 3D Secure is probably the most user-hostile payment-system ever.
So why bother? I do because the core concept is cool and could in a revised format become useful. Currently we are stuck with "User ID" (Card Number) and "Password" (CCV) printed in clear (!) on the card and that is neither convenient nor secure.
The following WebCrypto extension proposal
http://webpki.org/papers/PKI/pki-webcrypto.pdf
offers dynamically loaded "Trusted Chrome" which can support both POS-style and 3D Secure-like payments.
thanx,
Anders
As you probably know the big credit card networks already back in 1999 launched a "Web Payment" scheme called 3D Secure.
Nowadays it is known as VbV (Verified by VISA) and SecureCode (MasterCard's variant).
Short description:
- The payment request (from the merchant) is routed (redirected) to the card issuer.
- The issuer performs an extra authentication step for the cardholder which results in a signed card holder authenticity response which gives the merchant assurance that the payer is legitimate.
3D Secure system is mandatory in Scandinavia but have without exception being ignored by US e-tailers. IMO, 3D Secure is probably the most user-hostile payment-system ever.
So why bother? I do because the core concept is cool and could in a revised format become useful. Currently we are stuck with "User ID" (Card Number) and "Password" (CCV) printed in clear (!) on the card and that is neither convenient nor secure.
The following WebCrypto extension proposal
http://webpki.org/papers/PKI/pki-webcrypto.pdf
offers dynamically loaded "Trusted Chrome" which can support both POS-style and 3D Secure-like payments.
thanx,
Anders
Reply all
Reply to author
Forward
0 new messages