Security Flaws Found in Verified by Visa, SecureCode
According to Trend Micro, the password reset function makes it disturbingly easy for a hacker to access a user's account.
Trend Micro's Rik Ferguson recently reported on a significant vulnerability in MasterCard's and Visa's credit card security programs.
"At issue is a security protocol called '3 Domain Secure,' (3DS), a program designed to reduce card fraud and shift liability for fraud from online merchants to the card issuing banks," writes Krebs on Security's Brian Krebs. "Visa introduced the program in 2001, branding it 'Verified by Visa,' and MasterCard has a similar program in place called 'SecureCode.'"
"But as Ferguson notes, people are human and tend to forget things, especially passcodes and passwords, and it is the password reset function that eliminates any security provided by Verified by Visa or SecureCode," Krebs writes.
Go to "Loopholes in Verified by Visa & SecureCode" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.