BTW what security gives you any service where you register to it online during the payment process!!!! if you hacked the real owner info you will use it anyway to register and pass the process with no problems….

I recently asked First Direct, but was told that I couldn’t disable Verified by Visa on my account. I’ve avoided registering so far, but it’s getting harder and harder to buy things online without registering. There’s a bullying message telling you that future online transactions may be refused if you decline three times.

On a related topic, has anyone tried using a card for face-to-face transactions with the CVV number obscured on the back of the card? It strikes me that the CVV number should not appear on the card, as it’s only necessary for cardholder-not-present transactions. But sometimes (e.g. in hotels) the CVV gets written down (even though it’s against the rules): I guess hotel staff must be tempted to take the path of least resistance, because the customer will complain if they pre-authorise a suitably large amount at check-in, even though that’s the correct thing to do.

http://www.paymentseal.com

Although it still has the pop-up involved, it is easy to implement and it does not require additional communication with issuing bank entity. 3D secure is designed to benefit the merchants while the PaymentSeal solution I’m proposing addresses the shopper’s concerns.

p.s. The demo sites are not SSL secured, but in an actual implementation, there will be SSL.

Your time and effort is much appreciated. J.L.

After explaining this to various people on their”customer support this is not the case.

They refused to pass on the call to somebody more senior and refused to hand over their own identifing details.

Finaly after more preasure they handed over the following address for written complaints,

New Tesco House,
Delamare Road,
Cheshunt,
Herts,
EN8 9SL

But the customer support droid refused to give a name or department it should be marked for.

So TESCO’s customer droids are breaking various rules etc.

So does anybody know the name and correct address of a director level person to whom a formal complaint can be sent?

Is the protocol within a protocol just called an “implementation”, or is the implementation the actual code, and the protocol which it implements a combination of the framework and some proprietary spec document that never sees the light of day? (2 marks)

EMV and 3DS appear to be similar animals: protocol frameworks. They specify the way things work — in part — and then there is freedom to do as you wish within the framework, including getting it right, fixing stuff up, pushing other protocols through it, or shooting yourself in the foot.

Now, in the case of banking, if an issuing bank acts like a muppet, and the framework permits it, is the framework broken? (5 marks)

What about if the issuing bank is clueful — or even rather smart — but there is a shortcoming in the framework that means they cant actually make the cool extension or feature they want without breaking the framework? (10 marks)

So the fact of the matter is that protocol frameworks are partly, but not totally responsible for the quality of the space of possible implementations that lie within them.

3DS has to take a bit of rap for what issuers feed through it, as does EMV. And dont even get me started on PKCS#11…

Answers on the back of a postcard, please.

Thank you.

I didn’t make the purchase and consumed 30 min of Target customer service and days of PenFed VP’s time in the process of trying to buy and learning what the hell was going on.

At no time during the process did anyone tell me that using VbV meant I was liable for any misbillings.