Following on from a previous post about how the Verified By Visa and Mastercard SecureCode are training users to give up their identity to anyone who asks for it, apparently some lovely boffins at Cambridge have written a paper on it. (via)
The short version is that these mechanisms train consumers to provide their private account data to anyone claiming to be the card issuer. The problem is that there’s no way for the user to know that the data is being transmitted to the vendor rather than an imposter.
It makes you wonder what requirements were given to the people that designed the process. From my experience these verification processes cause a not insignificant drop-off in the success rate of payment processes, ie. fewer sales. With that (and the security problem) in mind it’s a fair bet that this particular family of verification mechanisms won’t last that long.