RE: Invasion of The Stock Hackers

[Drsolly <drsollyp () drsolly com>]

Recently, I bought something from a company I've traded with many times 
before. But now, they were using the "Verified by Visa" scheme.

So, I jumped though the various hoops, and set up a password. I still
don't see what protection it gives to me or to the company I bought from,
all that's happened is that the person who knows my card number (in this
case, me) has also set up a username and password.

So, I made my purchase, everything was fine.

Then Visa sent me an email. Their idea is that they can communicate with 
me by email now. The whole thing was initially done over the web, and now 
they think they can use email for telling me stuff.

It's hard for me to imagine what they think they're doing that improves 
their security, my security of the security of people I buy from. Who on 
earth sold them this scheme? 


On Mon, 27 Feb 2006, Gary Funck wrote:

> Dr. Solly queried:
> > What were the safeguards? They aren't mentioned in the article.
>
> Well, I didn't say they were _effective_ safeguards. <g>  This part,
>
>       The New York-based online broker says the wire instructions appeared
>       to be legit because they contained the security code the company
>       e-mailed to Murty to execute the transaction.
>
> In retrospect, E*Trade needed a better protocol for verifying identity
> before accepting the request to transfer money directly into a checking
> account.
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.