PledgeBank is now closed to new submissions. The site is available as an archive for you to browse, but you can no longer create or sign pledges. Find out more…

United States
I’ll do it, but only if you’ll help

Pledge “securecodesucks”

"I will complain to the retailers, banks, credit card companies and to government about every Verified By Visa or MasterCard SecureCode instance I see but only if 15 other online shoppers will do the same."

— Tom Morris

Deadline to sign up by: 1st July 2009
16 people signed up (1 over target)

Country: United Kingdom

More details
Rather than implementing some real security measures (one-time password generators, personal SSL certificates, SMS authentication, SMS and e-mail audit notifications and so on), the banks and credit card companies have put in place two poorly designed security measures called "3-D Secure", also known as "Verified by Visa" or "MasterCard SecureCode". They use inline iframes to present password windows to users. This teaches people that just typing in any old password when someone asks for it is okay - it's suspectible to man-in-the-middle attacks and to phishing.

The system is completely nointuitive. It gives almost no security benefit, and has considerable problems. It's a poor solution to the problem of identity theft. I think it's perfectly possible to stop it: if we complain to every online retailer we use who has implemented this hare-brained idea, and to Visa, MasterCard, the banks, APACS and the government. We should be demanding proper, working online security technologies from our banking institutions, not half-baked crap like Verified by Visa. To paraphrase Linus Torvalds, security that doesn't involve a web of trust model is little more than masturbation.

For more information on 3-D Secure/Verified by Visa/SecureCode, see:

This pledge has now closed; it was successful!

See more pledges, and all about how PledgeBank works.

Things to do with this pledge

RSS feed of comments on this pledge

Comments on this pledge

  • It's absolute cack, and should be binned. I recently made an on-line purchase, and the merchant site forced me to use this inline crap - for a card that HADN'T been registered... I now tend not to bother using sites that present this, unless it's from a site I am already happy to deal with.
    kevin anderson, 12 years ago. Abusive? Report it!
  • Some friends and I have had pretty bad customer experiences with Verified by Visa recently. It's not only bad security it's bad for business. Worth pointing out in any letters to merchants.

    There's a post on my blog with more ranting if anyone's interested.
  • Visa wants customers to give it Credit rather than the other way round. Its security number on back regularly fades. Its insurance facility is a joke as employs those on remits to not investigate fairly.
  • Tuan,
    Pembinaan Tower Telekomunikasi Di Kawasan Perumahan

    Dengan hormatnya merujuk perkara di atas, penduduk di sini iaitu Taman Desa Jaya Ayer Tawar di negeri Perak ingin membuat bantahan terhadap pembinaan sebuah tower p1wimax yang akan dibina di atas bumbung rumah kedai yang bernombor 15, Taman Desa Jaya, Ayer Tawar, Perak.

    Kami membantah pembinaan ini kerana jarak antara tower dan rumah kami adalah sangat dekat malah ketinggian bangunan itu hanya dua tingkat sahaja. Tempat tersebut adalah tidak sesuai untuk pembinaan tower telekomunikasi kerana ini akan menyebabkan kesihatan penduduk-penduduk di sini terjejas dan mengancam nyawa. Malahan pula, di taman ini terdapat juga kanak-kanak dan orang tua.

    Kami penduduk Taman Desa Jaya ,Ayer Tawar,Perak di sini ingin meminta jasa baik dan prihatin pihak Tuan supaya satu tindakan diambil dan pembinaan pemancar telekomunikasi ditukar ke lokasi yang lebih bersesuaian.

    Kerjasama dan prihatin tuan diucapkan ribuan terima kasih.
    Jeng, 11 years ago. Abusive? Report it!
This pledge is closed for new comments.

Current signatories (Green text = they've done it)

Tom Morris, the Pledge Creator, joined by:

  • maeengaber
  • Steven McCaw
  • Steve Maguire
  • Lou Burnard
  • John Ireland
  • Phil Crowe
  • Richard King
  • Ian Henshaw
  • garsin cheung
  • John Cooper
  • Jake Hall
  • Andrew Liles
  • Helen Russell
  • Rita Griffiths
  • 2 people who did not want to give their names, 1 of whom has done the pledge

View signup rate graph