Ask HN: Why is “Verified by Visa” integrated as an iFrame?
The PSD2 regulation in the Euro-zone now requires two-factor authentication for online credit card payments. So for every payment with my credit card, "Verified by Visa" or "Mastercard SecureCode" pop up and ask me to authenticate. Depending on the bank, the authentication can require the same credentials used to login to the online banking account. The authentication requirement is a bit of a hassle (CC network should bear the fraud risk), but the part that seems absurd to me is that the integration is done as an iFrame . That means ordinary users are now trained to enter their banking credentials on random websites—the opposite of what they learned in years of phishing education. Does anyone understand how it came to this? 2 comments on Hacker News.
The PSD2 regulation in the Euro-zone now requires two-factor authentication for online credit card payments. So for every payment with my credit card, "Verified by Visa" or "Mastercard SecureCode" pop up and ask me to authenticate. Depending on the bank, the authentication can require the same credentials used to login to the online banking account. The authentication requirement is a bit of a hassle (CC network should bear the fraud risk), but the part that seems absurd to me is that the integration is done as an iFrame . That means ordinary users are now trained to enter their banking credentials on random websites—the opposite of what they learned in years of phishing education. Does anyone understand how it came to this?
The PSD2 regulation in the Euro-zone now requires two-factor authentication for online credit card payments. So for every payment with my credit card, "Verified by Visa" or "Mastercard SecureCode" pop up and ask me to authenticate. Depending on the bank, the authentication can require the same credentials used to login to the online banking account. The authentication requirement is a bit of a hassle (CC network should bear the fraud risk), but the part that seems absurd to me is that the integration is done as an iFrame . That means ordinary users are now trained to enter their banking credentials on random websites—the opposite of what they learned in years of phishing education. Does anyone understand how it came to this? 2 comments on Hacker News.
The PSD2 regulation in the Euro-zone now requires two-factor authentication for online credit card payments. So for every payment with my credit card, "Verified by Visa" or "Mastercard SecureCode" pop up and ask me to authenticate. Depending on the bank, the authentication can require the same credentials used to login to the online banking account. The authentication requirement is a bit of a hassle (CC network should bear the fraud risk), but the part that seems absurd to me is that the integration is done as an iFrame . That means ordinary users are now trained to enter their banking credentials on random websites—the opposite of what they learned in years of phishing education. Does anyone understand how it came to this?
Hacker News story: Ask HN: Why is “Verified by Visa” integrated as an iFrame?
![Hacker News story: Ask HN: Why is “Verified by Visa” integrated as an iFrame?]()
Reviewed by Tha Kur
on
October 13, 2021
Rating:
No comments: