Security on the internet – one of Life’s little annoyances

So I went to register a new domain name today and before I could complete the transaction I went to a Verified by Visa page.  (https://usa.visa.com/personal/security/vbv/index.html)

 

On the surface the process seems innocent enough.  Just an extra confirmation step for all online purchases to ‘make sure’ that you are in fact, you.  However, I personally object to this service and am slightly miffed that my credit card was automatically enrolled in the program.

 

Why?  Because in real life as in software, security annoys end users.  Security on the internet has degraded into an infinite series of name/password combos which make security nothing but an inconvenience. 

 

Sure I don’t want people to steal my credit card, I just know there is a better way.  This is the year 2006!  Shouldn’t we have flying cards and retinal scanners at every doorway?  Or at the very least a centralized, standard identity provider? 

 

It just makes me think back to this post on Channel 9 about Identity:

https://channel9.msdn.com/ShowPost.aspx?PostID=85004

 

/sigh

Comments

• Anonymous
  April 05, 2006
  I think part of the problem is that card issuers haven't done enough to support their consumers.  While the software behind the scenes has improved (a little) in realtime checking of cards and fraud detection - they have done little to aid consumers (ala customers) in the internet space.
  
  Why they haven't done much around provisioning and implementing an identity system is a little of a mystery.
  They do after all gather, verify and store all sorts of information about you.  I would guess the biggest factor as to why nothing has been done comes down to cost.  Issuing a credit card is a low margin operation.
  
  Implementing something like an InfoCard profile that you can download or obtain from your card (plug your card into a smartcard reader, run an app that generates an InfoCard entry which is stored on your PC) - would make a big difference to online commerce to both consumers and business.  It would help reduce the fiscal risk associated with a transaction.
  
  But then again - PKI was supposed to deliver this with client and server certificates.  This failed for many reasons - large complex deployments required for PKI, inadequate definition of trust and chains of trust, poor support on the desktop and apalling API's.
• Anonymous
  April 07, 2006
  Definitely bring up some good points Dasher.  Ultimately there is the cost of implementing and maintaing a centeralized identity system, while simply 'going with the flow' is a free alternative.
  
  Hopefully with the new Windows Communication Foundation, applications being able to securely talk to each other to verify things like identity will become trivial ;)