[WEB SECURITY] Vulnerabilities at PCI DSS sites

John Menerick jmenerick at netsuite.com
Tue Jan 4 14:02:52 EST 2011

 From what I understand, there are three systems under the 3-D Secure 

Issuer software (each issuer supporting 3-D Secure)
Merchant software (each merchant supporting 3-D Secure)
Directory Server (each payment system supporting 3-D Secure)

So if I understand, these papers concern the assurance and 
authentication between each of these systems, correct?

On 12/29/2010 12:27 PM, Christian Heinrich wrote:
> MustLive,
> A number of vulnerabilities of 3-D Secure, i.e. Verified by VISA and
> MasterCard SecureCode, have been presented by the University of
> Cambridge:
> 1. http://www.lightbluetouchpaper.org/2010/01/26/how-online-card-security-fails/
> 2. http://www.lightbluetouchpaper.org/2010/01/29/why-is-3-d-secure-a-single-sign-on-system/
> ASV of PCI DSS has also been criticised i.e. http://www.scanlesspci.com/.

John Menerick | Security

650-627-1000 (W) |jmenerick at netsuite.com

NetSuite: Where Business is Going

Register today for SuiteWorld! May 8–12, 2011 in San Francisco

NOTICE: This email and any attachments may contain confidential and proprietary information of NetSuite Inc. and is for the sole use of the intended recipient for the stated purpose.  Any improper use or distribution is prohibited.  If you are not the intended recipient, please notify the sender; do not review, copy or distribute; and promptly delete or destroy all transmitted information.  Please note that all communications and information transmitted through this email system may be monitored by NetSuite or its agents and that all incoming email is automatically scanned by a third party spam and filtering service.
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

To unsubscribe email websecurity-unsubscribe at webappsec.org and reply to 
the confirmation email

Join WASC on LinkedIn 

WASC on Twitter

More information about the websecurity mailing list