Banks and Credit Card companies are fuckers

in Via Bruce Schneir's blog there is a link to a paper about a new
security system that credit card companies are rolling out; a single
sign on system. The paper is here:
http://www.cl.cam.ac.uk/~rja14/Papers/fc10vbvsecurecode.pdf. The
bottom line is that the system is pretty insecure, but it is
incentivised by making the customer sign up to additional terms and
conditions that puts more liability on them than on the banks or
credit card companies. It seems a bit like adding a shrink wrap
licence around credit card usage. I think I would not mind if they
were increasing my security, but as outlined in the paper linked to
here, they are not. I recently had to use this system, and it seemed
very phishy to me, so I avoided it as much as I could, but for the
time being it looks like there is not going to be a way to avoid it in
future. Fuckers.

tags: online security, banks, single sign on.