Wednesday, October 18, 2006

VISA wants you to have popups

I love my bank. They have such weird ideas about security. On the one hand they use a Digitag, a small device that generates different numbers every time you log in. The numbers can be asociated with a specific tag at a specific time, making it extremely difficult to log in unless you know the correct user name and password associated with that specific tag.
On the other hand they do daft things like asking me to send them the account number of my credit card account via email. And they did it during their own "Internet Security Week". Sad.
Now they are touting a new service from Visa that is (a) voluntary and (b) requires popups. It doesn't specify whether they are required generally or just once on the particular site where registration is supposed to occur, but still ...
Don't these people understand how annoying popup ads are, and the security risks associated with them? Haven't they noticed that IE6 and Firefox have a built-in popup blocker, and the Google toolbar became popular partly because it has a better popup blocker?
Of course, voluntary participation in the program adds an extra level of complexity (i.e cost) to the merchant's system, in the hopes they'll get fewer fraudsters ripping them off, but it doesn't mean that my card is any safer, since the program is voluntary.
Then there is the whole Javascript nonsense. Modern browsers do not need Javascript to navigate properly designed web sites. The trick is to get web designers to do their job. Still, I use NoScript, a Firefox extension that allows me to turn on Javascript only when I decide it's OK. I guess Visa knows what's best for me, and I'll ignore the advice of people like Steve Gibson. NOT.

Verified by VISA - FAQs Overview: "Q: Can I use Verified by VISA from any computer?

Yes. One of the great advantages of Verified by VISA is that it can work with just about any PC with an Internet connection. There is no special software to install. Once you activate your card, you simply shop as you usually do. Your VISA card number is automatically recognised at checkout. Be sure that Cookies and JavaScript are enabled and that pop-up killers are disabled on your computer."

No comments: