On 2014-05-04 08:11, Anders Rundgren wrote:
> Sort of linked to the "eternal" HTTPS Client Cert Authentication UI issues, I
> would like to highlight a related problem which is much bigger, and that is
> the fact that we, after 20 years with the web, still mainly use
> unauthenticated card numbers + "passwords" (CCV) printed in clear on
> credit cards for authorizing web payments, AKA "Card Not Present"
> transactions.
>
> Just about every month there are reports on massive break-ins in servers
> which would be fairly useless if there were a useful authentication scheme
> involved. In fact, even the "secure" EMV cards used in the EU and Asia are
> exactly as susceptible to these attacks as their non-secure US counterparts,
> since the lowest common denominator (the web) must be supported.
>
> Obviously the entire authentication space is in a poor condition compared to
> the rest of the web.
>
> Anders

http://www.usatoday.com/story/money/business/2014/05/05/target-ceo-steps-down/8713847/
