VeriSign on Monday unveiled a new security system to protect online buyers from identity theft, and said it had signed up PayPal, eBay, and Yahoo as the first sites to support the authentication service.
Called VeriSign Identity Protection (VIP), the system will let consumers use a single security device to authenticate themselves to any VIP-enabled Web site. Using a shared authentication network operated by VeriSign, VIP allows e-tailing sites and enterprises to provide customers or users with one authentication credential -- perhaps a USB-based token that plugs into the computer -- for verifying identity.
[edited by: shri at 12:35 am (utc) on Feb. 14, 2006] [edit reason] Fixed Link [/edit]
Banks have been using various "what you have" (ie some device generating one-time passwords) + "what-you-know" (ie your personal password and account number) authentication schemes since years.
It is impossible to believe, how insecure are credit cards in comparison with these authentication schemes!
It is like someone impersonated can steal your money knowing only your bank account number and your name.
Something wrong is with this world, if VISA was able to put such a raw and insecure technology into mainstream.
If someone was able to mass-market technology where payee authentication is based on some stronger method (like one-time password generating device in addition to just card number), who'd consider even using #*$!ty VISA? (I say it, because I have good grounds to do, many times being in the situation where losing my time and hope to return my stealed money.)