Mastercard Securecode Rant.
I ranted on the Ecommerce Experts mailing list earlier in the week after canceling an order on a cabling website, after it prompted me to enroll in Mastercard Securecode, with no way out.
My gripes are that
- The general public should NOT be encouraged to enter their secret personal data at a checkout, in random popups. The commerce community should be sending the opposite signal; that filling in forms requesting private data on a random website is precisely how you get your identity stolen and used fraudulently !
- The form looks like a XSS attack, not something genuine, so I have no way to work out whether it is genuine, or whether I am being phished.
- The card may well be a company card, and not attributable to personal details.
I complained to the retailer and explained that I was not willing to order from them whilst they used and enforced securecode, and the retailer lied to me, explaining that they had no option but to use it, but that I could telephone through an order. I think they miss the point of e-commerce.
Please do not deploy Securecode or VBV on client sites. Please abort the transaction if you are prompted to enter your details on an untrustworthy third-party form during checkout online.
1 Comment
Comments
One Response to “Mastercard Securecode Rant.”
Leave a Reply
You must be logged in to post a comment.
August 6th, 2007 at 2:03 pm
Why do you say they lied to you? We used and enforced SecureCode because we had to.
I think you want to try cluebatting the banks/card companies. I suspect you won’t get anywhere at all though.