<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article10_01_28_195216</id>
	<title>Why "Verified By Visa" System Is Insecure</title>
	<author>timothy</author>
	<datestamp>1264707060000</datestamp>
	<htmltext><a href="http://www.goodgearguide.com.au/" rel="nofollow">angry tapir</a> writes <i>"A widely deployed system intended to reduce on-line payment card fraud is <a href="http://www.pcworld.idg.com.au/article/334105">fraught with security problems</a>, according to University of Cambridge researchers. The system is called 3-D Secure (3DS) but is better known under the names Verified by Visa and MasterCard SecureCode. Steven J. Murdoch, a security researcher at the University of Cambridge, and security engineering professor Ross Anderson contend there are several flaws with 3DS. One of their main points is how 3DS is integrated into Web sites during a transaction &mdash; e-Commerce Web sites display 3DS in an iframe."</i></htmltext>
<tokenext>angry tapir writes " A widely deployed system intended to reduce on-line payment card fraud is fraught with security problems , according to University of Cambridge researchers .
The system is called 3-D Secure ( 3DS ) but is better known under the names Verified by Visa and MasterCard SecureCode .
Steven J. Murdoch , a security researcher at the University of Cambridge , and security engineering professor Ross Anderson contend there are several flaws with 3DS .
One of their main points is how 3DS is integrated into Web sites during a transaction    e-Commerce Web sites display 3DS in an iframe .
"</tokentext>
<sentencetext>angry tapir writes "A widely deployed system intended to reduce on-line payment card fraud is fraught with security problems, according to University of Cambridge researchers.
The system is called 3-D Secure (3DS) but is better known under the names Verified by Visa and MasterCard SecureCode.
Steven J. Murdoch, a security researcher at the University of Cambridge, and security engineering professor Ross Anderson contend there are several flaws with 3DS.
One of their main points is how 3DS is integrated into Web sites during a transaction — e-Commerce Web sites display 3DS in an iframe.
"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30947206</id>
	<title>Re:I'd rather use</title>
	<author>Anonymous</author>
	<datestamp>1264760040000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>As long as you don't use the browser extension to generate them. They're all written by a company owned by Mastercard, and the code is awful, so it will crash your browser (consistently, but at times when you aren't making purchases which will make you think it's "random").</p><p>This applies to Visa, Citi, PayPal, Discover, and some others (since it's all the same code).</p></htmltext>
<tokenext>As long as you do n't use the browser extension to generate them .
They 're all written by a company owned by Mastercard , and the code is awful , so it will crash your browser ( consistently , but at times when you are n't making purchases which will make you think it 's " random " ) .This applies to Visa , Citi , PayPal , Discover , and some others ( since it 's all the same code ) .</tokentext>
<sentencetext>As long as you don't use the browser extension to generate them.
They're all written by a company owned by Mastercard, and the code is awful, so it will crash your browser (consistently, but at times when you aren't making purchases which will make you think it's "random").This applies to Visa, Citi, PayPal, Discover, and some others (since it's all the same code).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939376</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30947366</id>
	<title>Re:Activation During Shopping</title>
	<author>adolf</author>
	<datestamp>1264762140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Every time I've been pestered by a "Verified by Visa" prompt, I've been successful in finding the "Fuck off" button and continuing anyway.</p><p>YMMV.</p></htmltext>
<tokenext>Every time I 've been pestered by a " Verified by Visa " prompt , I 've been successful in finding the " Fuck off " button and continuing anyway.YMMV .</tokentext>
<sentencetext>Every time I've been pestered by a "Verified by Visa" prompt, I've been successful in finding the "Fuck off" button and continuing anyway.YMMV.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30941170</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30942310</id>
	<title>Re:Lol</title>
	<author>jonbryce</author>
	<datestamp>1264677000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>In some of the accountancy newsgroups I frequent, we sometimes get merchants wondering why so many people abandon their purchases when they put 3D Secure on their websites.  Anecdotally it seems that about 2/3 of customers will abandon their transaction if they hit the verified by visa page.  I certainly do, because it asks me to enter password details into a site called "securesite.co.uk", owned by some very small company called Redstation Limited I've never heard of.</p></htmltext>
<tokenext>In some of the accountancy newsgroups I frequent , we sometimes get merchants wondering why so many people abandon their purchases when they put 3D Secure on their websites .
Anecdotally it seems that about 2/3 of customers will abandon their transaction if they hit the verified by visa page .
I certainly do , because it asks me to enter password details into a site called " securesite.co.uk " , owned by some very small company called Redstation Limited I 've never heard of .</tokentext>
<sentencetext>In some of the accountancy newsgroups I frequent, we sometimes get merchants wondering why so many people abandon their purchases when they put 3D Secure on their websites.
Anecdotally it seems that about 2/3 of customers will abandon their transaction if they hit the verified by visa page.
I certainly do, because it asks me to enter password details into a site called "securesite.co.uk", owned by some very small company called Redstation Limited I've never heard of.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940120</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940218</id>
	<title>Brings me back</title>
	<author>jwinster</author>
	<datestamp>1264670640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>TFA mentions one of the securities holes being that users "can't see the URL of the verified by visa website because it's in an iframe."  Reminds me of the first time a website asked me to enter a password on verified by visa, I stopped the transaction and purchased the item somewhere else for that very reason, since I never had any notification that verified by visa was something I was going to have to do.</htmltext>
<tokenext>TFA mentions one of the securities holes being that users " ca n't see the URL of the verified by visa website because it 's in an iframe .
" Reminds me of the first time a website asked me to enter a password on verified by visa , I stopped the transaction and purchased the item somewhere else for that very reason , since I never had any notification that verified by visa was something I was going to have to do .</tokentext>
<sentencetext>TFA mentions one of the securities holes being that users "can't see the URL of the verified by visa website because it's in an iframe.
"  Reminds me of the first time a website asked me to enter a password on verified by visa, I stopped the transaction and purchased the item somewhere else for that very reason, since I never had any notification that verified by visa was something I was going to have to do.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30941814</id>
	<title>Not Used By NewEgg Anyway</title>
	<author>MrTripps</author>
	<datestamp>1264675380000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>The Verified by Visa thing comes up after I try to place an order on NewEgg. Thing is, if I don't bother with it and browse to another page when the VbV window comes up the transaction goes through anyway. This means Visa is trying to verify a transaction that has already taken place.</htmltext>
<tokenext>The Verified by Visa thing comes up after I try to place an order on NewEgg .
Thing is , if I do n't bother with it and browse to another page when the VbV window comes up the transaction goes through anyway .
This means Visa is trying to verify a transaction that has already taken place .</tokentext>
<sentencetext>The Verified by Visa thing comes up after I try to place an order on NewEgg.
Thing is, if I don't bother with it and browse to another page when the VbV window comes up the transaction goes through anyway.
This means Visa is trying to verify a transaction that has already taken place.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940872</id>
	<title>When someone finds my password...</title>
	<author>deains</author>
	<datestamp>1264672380000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>...my account is still secure. Not all 3DS systems are the same between banks, and some of them actually do it reasonably well (though no security is ever foolproof, of course). On my account, 3DS asks me for one of the five security questions on my account, which involve various different inputs (dates, names, places, etc.). To actually log into my online acccount I need both the answer to the security questions above, a secret code (not the same as my PIN), plus the standard account details. If I want to actually do anything useful online, I have to use my bank's little security device, which takes my card in and spits out a random code so long as I enter my PIN right (think Blizzard dongle, but with Chip and PIN).

And of course, if someone manages to steal my 3DS answer in order to use my card elsewhere, they still need to find out all my other card details. Even if they found out them, they've only got a 1 in 5 chance of getting the right question they know the answer to. The system allows 3 attempts. Good luck, guys.</htmltext>
<tokenext>...my account is still secure .
Not all 3DS systems are the same between banks , and some of them actually do it reasonably well ( though no security is ever foolproof , of course ) .
On my account , 3DS asks me for one of the five security questions on my account , which involve various different inputs ( dates , names , places , etc. ) .
To actually log into my online acccount I need both the answer to the security questions above , a secret code ( not the same as my PIN ) , plus the standard account details .
If I want to actually do anything useful online , I have to use my bank 's little security device , which takes my card in and spits out a random code so long as I enter my PIN right ( think Blizzard dongle , but with Chip and PIN ) .
And of course , if someone manages to steal my 3DS answer in order to use my card elsewhere , they still need to find out all my other card details .
Even if they found out them , they 've only got a 1 in 5 chance of getting the right question they know the answer to .
The system allows 3 attempts .
Good luck , guys .</tokentext>
<sentencetext>...my account is still secure.
Not all 3DS systems are the same between banks, and some of them actually do it reasonably well (though no security is ever foolproof, of course).
On my account, 3DS asks me for one of the five security questions on my account, which involve various different inputs (dates, names, places, etc.).
To actually log into my online acccount I need both the answer to the security questions above, a secret code (not the same as my PIN), plus the standard account details.
If I want to actually do anything useful online, I have to use my bank's little security device, which takes my card in and spits out a random code so long as I enter my PIN right (think Blizzard dongle, but with Chip and PIN).
And of course, if someone manages to steal my 3DS answer in order to use my card elsewhere, they still need to find out all my other card details.
Even if they found out them, they've only got a 1 in 5 chance of getting the right question they know the answer to.
The system allows 3 attempts.
Good luck, guys.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940098</id>
	<title>Hundreds of newegg purchases with Opera browser</title>
	<author>Anonymous</author>
	<datestamp>1264670340000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I've done hundreds of newegg purchases using opera. After the order I get a redirect to the verified page with a couple of dancing eggs. Then my order completes. No popup. No iframe. No prompts for passwords ever.</p><p>I don't know if this behavior is opera related or related to the fact that my visa is issued by a credit union that I belong to. But vbv has never asked me for anything ever.</p></htmltext>
<tokenext>I 've done hundreds of newegg purchases using opera .
After the order I get a redirect to the verified page with a couple of dancing eggs .
Then my order completes .
No popup .
No iframe .
No prompts for passwords ever.I do n't know if this behavior is opera related or related to the fact that my visa is issued by a credit union that I belong to .
But vbv has never asked me for anything ever .</tokentext>
<sentencetext>I've done hundreds of newegg purchases using opera.
After the order I get a redirect to the verified page with a couple of dancing eggs.
Then my order completes.
No popup.
No iframe.
No prompts for passwords ever.I don't know if this behavior is opera related or related to the fact that my visa is issued by a credit union that I belong to.
But vbv has never asked me for anything ever.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939260</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940120</id>
	<title>Re:Lol</title>
	<author>XorNand</author>
	<datestamp>1264670400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Newegg is the only store I've seen Verified by Visa used (and I buy a lot of stuff online).  Having had my share of problems with it, I never even browse Newegg anymore.  I guess they must have such a high incidence of fraud though that it's worth losing the occasional regular customer like me.</htmltext>
<tokenext>Newegg is the only store I 've seen Verified by Visa used ( and I buy a lot of stuff online ) .
Having had my share of problems with it , I never even browse Newegg anymore .
I guess they must have such a high incidence of fraud though that it 's worth losing the occasional regular customer like me .</tokentext>
<sentencetext>Newegg is the only store I've seen Verified by Visa used (and I buy a lot of stuff online).
Having had my share of problems with it, I never even browse Newegg anymore.
I guess they must have such a high incidence of fraud though that it's worth losing the occasional regular customer like me.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939260</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939760</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>Anonymous</author>
	<datestamp>1264669200000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>As a customer, the worst part is when the merchant doesn't bother to tell you "oh hey we're going to redirect you to this other site now" and first anti-XSS blocks the page transfer, then the page fails to work anyway thanks to noscript blocking the JS.</p><p>Even after I added all the appropriate whitelists, when I buy from a site that uses it, all it does is flash the logo up on the screen then take me back to the merchant's site where I finish the transaction.</p></htmltext>
<tokenext>As a customer , the worst part is when the merchant does n't bother to tell you " oh hey we 're going to redirect you to this other site now " and first anti-XSS blocks the page transfer , then the page fails to work anyway thanks to noscript blocking the JS.Even after I added all the appropriate whitelists , when I buy from a site that uses it , all it does is flash the logo up on the screen then take me back to the merchant 's site where I finish the transaction .</tokentext>
<sentencetext>As a customer, the worst part is when the merchant doesn't bother to tell you "oh hey we're going to redirect you to this other site now" and first anti-XSS blocks the page transfer, then the page fails to work anyway thanks to noscript blocking the JS.Even after I added all the appropriate whitelists, when I buy from a site that uses it, all it does is flash the logo up on the screen then take me back to the merchant's site where I finish the transaction.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940032</id>
	<title>Re:Lol</title>
	<author>Lord Byron II</author>
	<datestamp>1264670100000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>1</modscore>
	<htmltext><p>Here's a little tip that I discovered by accident. On a NewEgg order, if you hit "cancel" on the Verified-by-Visa page, the order still goes through.</p></htmltext>
<tokenext>Here 's a little tip that I discovered by accident .
On a NewEgg order , if you hit " cancel " on the Verified-by-Visa page , the order still goes through .</tokentext>
<sentencetext>Here's a little tip that I discovered by accident.
On a NewEgg order, if you hit "cancel" on the Verified-by-Visa page, the order still goes through.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939260</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30944976</id>
	<title>Re:Of Course It's Insecure!</title>
	<author>couchslug</author>
	<datestamp>1264692480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>"If somebody puts a keylogger on your Windows box, they'll get what they need no matter how many passwords you are required to type."</p><p>Among the reasons I don't do online transactions on Windows machines.</p></htmltext>
<tokenext>" If somebody puts a keylogger on your Windows box , they 'll get what they need no matter how many passwords you are required to type .
" Among the reasons I do n't do online transactions on Windows machines .</tokentext>
<sentencetext>"If somebody puts a keylogger on your Windows box, they'll get what they need no matter how many passwords you are required to type.
"Among the reasons I don't do online transactions on Windows machines.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940408</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940648</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>Anonymous</author>
	<datestamp>1264671780000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Good luck with that. I have no idea what my password is. The requirements for the password are so limiting (6 chars, no spaces, no special characters), that even my worst password is too complex for it. Of course, that's easily another security problem in and of itself. I wind up just resetting the password and making one up on the fly if I need to use it, though generally I just avoid it like the plague.</p></htmltext>
<tokenext>Good luck with that .
I have no idea what my password is .
The requirements for the password are so limiting ( 6 chars , no spaces , no special characters ) , that even my worst password is too complex for it .
Of course , that 's easily another security problem in and of itself .
I wind up just resetting the password and making one up on the fly if I need to use it , though generally I just avoid it like the plague .</tokentext>
<sentencetext>Good luck with that.
I have no idea what my password is.
The requirements for the password are so limiting (6 chars, no spaces, no special characters), that even my worst password is too complex for it.
Of course, that's easily another security problem in and of itself.
I wind up just resetting the password and making one up on the fly if I need to use it, though generally I just avoid it like the plague.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939568</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30945172</id>
	<title>Mandatory in India...</title>
	<author>Anonymous</author>
	<datestamp>1264694280000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>In India, it is mandatory to use 3DS - no Indian CC will work without this extra step...<br>Online shopping sites here reported a 30-50\% drop in orders when 3DS became mandatory.</p></htmltext>
<tokenext>In India , it is mandatory to use 3DS - no Indian CC will work without this extra step...Online shopping sites here reported a 30-50 \ % drop in orders when 3DS became mandatory .</tokentext>
<sentencetext>In India, it is mandatory to use 3DS - no Indian CC will work without this extra step...Online shopping sites here reported a 30-50\% drop in orders when 3DS became mandatory.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30941824</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>scamper\_22</author>
	<datestamp>1264675380000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>There's a very easy solution to this problem.  I'm sure they have similar system elsewhere but Interac (debit card) in Canada allows you to pay online.  I use it for shopping at ncix.com for example.</p><p>You setup an account with the merchant.<br>You do your shopping... add to card... go to checkout... they give you a bill.</p><p>You then log into your online bank separately!  and from your bank account you transfer money to the merchants account.</p><p>The merchant never sees your password and phishing is near impossible because you have to logon to your bank account separately.  It's a bit inconvenient, but it's a much more secure system.  You don't even have to trust the merchant as they never see your password info.  They just wait for the money.</p><p>There's no other way to really do it.  even if the showed a URL in the Verified by Visa scheme, you would still need to check it... a shady merchant could fake it...<br>About the only other way would be to have some trusted authorities built into the browser (like we do with certificates).  The site can request the browser to 'bring up secure payment for visa'... and it handles it with a non-webpage login/payment system.</p></htmltext>
<tokenext>There 's a very easy solution to this problem .
I 'm sure they have similar system elsewhere but Interac ( debit card ) in Canada allows you to pay online .
I use it for shopping at ncix.com for example.You setup an account with the merchant.You do your shopping... add to card... go to checkout... they give you a bill.You then log into your online bank separately !
and from your bank account you transfer money to the merchants account.The merchant never sees your password and phishing is near impossible because you have to logon to your bank account separately .
It 's a bit inconvenient , but it 's a much more secure system .
You do n't even have to trust the merchant as they never see your password info .
They just wait for the money.There 's no other way to really do it .
even if the showed a URL in the Verified by Visa scheme , you would still need to check it... a shady merchant could fake it...About the only other way would be to have some trusted authorities built into the browser ( like we do with certificates ) .
The site can request the browser to 'bring up secure payment for visa'... and it handles it with a non-webpage login/payment system .</tokentext>
<sentencetext>There's a very easy solution to this problem.
I'm sure they have similar system elsewhere but Interac (debit card) in Canada allows you to pay online.
I use it for shopping at ncix.com for example.You setup an account with the merchant.You do your shopping... add to card... go to checkout... they give you a bill.You then log into your online bank separately!
and from your bank account you transfer money to the merchants account.The merchant never sees your password and phishing is near impossible because you have to logon to your bank account separately.
It's a bit inconvenient, but it's a much more secure system.
You don't even have to trust the merchant as they never see your password info.
They just wait for the money.There's no other way to really do it.
even if the showed a URL in the Verified by Visa scheme, you would still need to check it... a shady merchant could fake it...About the only other way would be to have some trusted authorities built into the browser (like we do with certificates).
The site can request the browser to 'bring up secure payment for visa'... and it handles it with a non-webpage login/payment system.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939578</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>Anonymous</author>
	<datestamp>1264711800000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><blockquote><div><p>I'm in the high risk card not present industry</p></div> </blockquote><p>I'm not quite sure what that is a well-rehearsed euphemism for, but I'm not going to ask.</p></div>
	</htmltext>
<tokenext>I 'm in the high risk card not present industry I 'm not quite sure what that is a well-rehearsed euphemism for , but I 'm not going to ask .</tokentext>
<sentencetext>I'm in the high risk card not present industry I'm not quite sure what that is a well-rehearsed euphemism for, but I'm not going to ask.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30942276</id>
	<title>Bank responce (one year before "Cambridge resear")</title>
	<author>trust\_jmh</author>
	<datestamp>1264676820000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>0</modscore>
	<htmltext>To: ive\_seen\_a\_scam@smile.co.uk 23/02/2009<br><br>Please forward this to someone with the ability to assess the risk of such security breach. (Preferably with basic knowledge of SSL and cross site scripting.)<br><br>A web site (not smiles) is asking for my accounts memorable name. I shouldn't be entering this information anywhere other than into a secure smile web site.<br><br>[Other sites that take payment using pay-pal I can trust as I see they redirect to a pay-pal server for me to enter my account details.] Perhaps you should take a look at how pay-pal processes such orders.<br><br>As the site I was ordering from should probably be trusted I choose to enter it this time and to then change the memorable name as soon as the order had complete.<br><br>Specifically;<br>http://www.smile.co.uk/servlet/Satellite?cid=1076315830501&amp;pagename=Smile\%2FPage\%<br>2FsmView&amp;rendermode=preview&amp;c=Page<br>Suggests I don't enter details into "computers that aren't your own" which I also assume applies to supplying to sites that aren't smiles.<br><br>http://www.smile.co.uk/servlet/Satellite?cid=1124867052028&amp;pagename=Smile\%2FPage\%2FsmView&amp;c=Page&amp;loc=l<br>"all secure messages between us travel in a closed environment, so they can&amp;rsquo;t be read by anyone else" but this is a 3rd party asking for my memorable name and not smile.<br><br>Order was from;<br>http://wck2.companieshouse.gov.uk<br>Appears to use<br>https://www.netbanx.com<br>to make the payment then it either takes the memorable name in this site or uses an embedded site from;<br>https://secure5.arcot.com<br><br>Please contact me if you require more information.<br><br>----<br>Reply: 23/02/2009<br>Thanks for your message.<br><br>I can understand your security concerns with the verified by visa scheme.<br><br>For more information with all aspects of this please visit our site<br>(www.smile.co.uk) then click the security link at the top.  Once there<br>select the verified by visa link on the left and this will then be able to<br>give you all the information you need.<br><br>----<br>My responce: 23/02/2009<br>Q: Is Verified by Visa (VbV) easy to use?<br>A: Yes. When you make an online purchase, a window from the Bank will be displayed and prompt you for your memorable name/VbV password. Simply enter your memorable name/VbV password and complete your purchase.<br><br>My problem is no apparent window from the bank is shown so it appears like (don't know if this is true or not) I am giving my security details directly to a third party. (It is very easy to create a malicious secure web site that looks just like the one I saw.)<br><br>----<br>Reply: 24/02/2009<br>I'm sorry you have concerns about your online security.<br><br>When you sign in to a Verified by Visa site using your smile card, you'll<br>automatically be asked for your memorable name. This will confirm that<br>you've been connected to smile behind the scenes. Other banks will ask<br>different questions, however being asked memorable names will confirm it is<br>us.<br><br>The original brief from Visa stated banks could introduce individual<br>questions for each customer, that's not been fully introduced yet, however<br>we'll be reviewing this in the near future. At the moment we're reviewing<br>and looking to implement other security procedures.<br><br>Please make sure the website you're using to make the online transaction is<br>a website that you trust, this is important as using a trusted website will<br>greatly reduce the likelihood of there being a scam.<br><br>Please also check that your PC is fully protected with antivirus, firewall<br>and anti-spyware software plus the relevant phishing filters available with<br>your chosen web browser. Please let me know if you need any more advice on<br>this.<br><br>Thanks for taking the time to contact us, I appreciate your concerns and<br>comments and have raised it internally for further consideration.</htmltext>
<tokenext>To : ive \ _seen \ _a \ _scam @ smile.co.uk 23/02/2009Please forward this to someone with the ability to assess the risk of such security breach .
( Preferably with basic knowledge of SSL and cross site scripting .
) A web site ( not smiles ) is asking for my accounts memorable name .
I should n't be entering this information anywhere other than into a secure smile web site .
[ Other sites that take payment using pay-pal I can trust as I see they redirect to a pay-pal server for me to enter my account details .
] Perhaps you should take a look at how pay-pal processes such orders.As the site I was ordering from should probably be trusted I choose to enter it this time and to then change the memorable name as soon as the order had complete.Specifically ; http : //www.smile.co.uk/servlet/Satellite ? cid = 1076315830501&amp;pagename = Smile \ % 2FPage \ % 2FsmView&amp;rendermode = preview&amp;c = PageSuggests I do n't enter details into " computers that are n't your own " which I also assume applies to supplying to sites that are n't smiles.http : //www.smile.co.uk/servlet/Satellite ? cid = 1124867052028&amp;pagename = Smile \ % 2FPage \ % 2FsmView&amp;c = Page&amp;loc = l " all secure messages between us travel in a closed environment , so they can    t be read by anyone else " but this is a 3rd party asking for my memorable name and not smile.Order was from ; http : //wck2.companieshouse.gov.ukAppears to usehttps : //www.netbanx.comto make the payment then it either takes the memorable name in this site or uses an embedded site from ; https : //secure5.arcot.comPlease contact me if you require more information.----Reply : 23/02/2009Thanks for your message.I can understand your security concerns with the verified by visa scheme.For more information with all aspects of this please visit our site ( www.smile.co.uk ) then click the security link at the top .
Once thereselect the verified by visa link on the left and this will then be able togive you all the information you need.----My responce : 23/02/2009Q : Is Verified by Visa ( VbV ) easy to use ? A : Yes .
When you make an online purchase , a window from the Bank will be displayed and prompt you for your memorable name/VbV password .
Simply enter your memorable name/VbV password and complete your purchase.My problem is no apparent window from the bank is shown so it appears like ( do n't know if this is true or not ) I am giving my security details directly to a third party .
( It is very easy to create a malicious secure web site that looks just like the one I saw .
) ----Reply : 24/02/2009I 'm sorry you have concerns about your online security.When you sign in to a Verified by Visa site using your smile card , you'llautomatically be asked for your memorable name .
This will confirm thatyou 've been connected to smile behind the scenes .
Other banks will askdifferent questions , however being asked memorable names will confirm it isus.The original brief from Visa stated banks could introduce individualquestions for each customer , that 's not been fully introduced yet , howeverwe 'll be reviewing this in the near future .
At the moment we 're reviewingand looking to implement other security procedures.Please make sure the website you 're using to make the online transaction isa website that you trust , this is important as using a trusted website willgreatly reduce the likelihood of there being a scam.Please also check that your PC is fully protected with antivirus , firewalland anti-spyware software plus the relevant phishing filters available withyour chosen web browser .
Please let me know if you need any more advice onthis.Thanks for taking the time to contact us , I appreciate your concerns andcomments and have raised it internally for further consideration .</tokentext>
<sentencetext>To: ive\_seen\_a\_scam@smile.co.uk 23/02/2009Please forward this to someone with the ability to assess the risk of such security breach.
(Preferably with basic knowledge of SSL and cross site scripting.
)A web site (not smiles) is asking for my accounts memorable name.
I shouldn't be entering this information anywhere other than into a secure smile web site.
[Other sites that take payment using pay-pal I can trust as I see they redirect to a pay-pal server for me to enter my account details.
] Perhaps you should take a look at how pay-pal processes such orders.As the site I was ordering from should probably be trusted I choose to enter it this time and to then change the memorable name as soon as the order had complete.Specifically;http://www.smile.co.uk/servlet/Satellite?cid=1076315830501&amp;pagename=Smile\%2FPage\%2FsmView&amp;rendermode=preview&amp;c=PageSuggests I don't enter details into "computers that aren't your own" which I also assume applies to supplying to sites that aren't smiles.http://www.smile.co.uk/servlet/Satellite?cid=1124867052028&amp;pagename=Smile\%2FPage\%2FsmView&amp;c=Page&amp;loc=l"all secure messages between us travel in a closed environment, so they can’t be read by anyone else" but this is a 3rd party asking for my memorable name and not smile.Order was from;http://wck2.companieshouse.gov.ukAppears to usehttps://www.netbanx.comto make the payment then it either takes the memorable name in this site or uses an embedded site from;https://secure5.arcot.comPlease contact me if you require more information.----Reply: 23/02/2009Thanks for your message.I can understand your security concerns with the verified by visa scheme.For more information with all aspects of this please visit our site(www.smile.co.uk) then click the security link at the top.
Once thereselect the verified by visa link on the left and this will then be able togive you all the information you need.----My responce: 23/02/2009Q: Is Verified by Visa (VbV) easy to use?A: Yes.
When you make an online purchase, a window from the Bank will be displayed and prompt you for your memorable name/VbV password.
Simply enter your memorable name/VbV password and complete your purchase.My problem is no apparent window from the bank is shown so it appears like (don't know if this is true or not) I am giving my security details directly to a third party.
(It is very easy to create a malicious secure web site that looks just like the one I saw.
)----Reply: 24/02/2009I'm sorry you have concerns about your online security.When you sign in to a Verified by Visa site using your smile card, you'llautomatically be asked for your memorable name.
This will confirm thatyou've been connected to smile behind the scenes.
Other banks will askdifferent questions, however being asked memorable names will confirm it isus.The original brief from Visa stated banks could introduce individualquestions for each customer, that's not been fully introduced yet, howeverwe'll be reviewing this in the near future.
At the moment we're reviewingand looking to implement other security procedures.Please make sure the website you're using to make the online transaction isa website that you trust, this is important as using a trusted website willgreatly reduce the likelihood of there being a scam.Please also check that your PC is fully protected with antivirus, firewalland anti-spyware software plus the relevant phishing filters available withyour chosen web browser.
Please let me know if you need any more advice onthis.Thanks for taking the time to contact us, I appreciate your concerns andcomments and have raised it internally for further consideration.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940582</id>
	<title>Sharath</title>
	<author>Anonymous</author>
	<datestamp>1264671600000</datestamp>
	<modclass>Funny</modclass>
	<modscore>1</modscore>
	<htmltext><p>can't believe this..the people simply start commenting having just half knowledge.. 3DS protocol is secure and helps banks to chose the method that it uses to verify its customer. Its left to banks how they want to authenticate its card holder. Few banks have chosen to keep static password while others use OTPs. In future banks would use IVR calls or Voice authentication or some other technology to identify its customer but the protocol does not change.</p><p>Few merchants may have implemented the flow wrongly.. merchants are supposed to re-direct the customer to his bank site and not show in frame or i-frame; that is just a bad implementation and is a invitation for phishing attack. In India at least as for as I have seen none of the merchant use i-frame thing.. all most all the merchants re-direct the customer to his bank for verification and customer can clearly see the url of bank server (or provider) that is authenticating him.</p><p>Its like telling.. if one drunk driver crashes a car and kills himself cars are unsafe..<nobr> <wbr></nobr>:P</p></htmltext>
<tokenext>ca n't believe this..the people simply start commenting having just half knowledge.. 3DS protocol is secure and helps banks to chose the method that it uses to verify its customer .
Its left to banks how they want to authenticate its card holder .
Few banks have chosen to keep static password while others use OTPs .
In future banks would use IVR calls or Voice authentication or some other technology to identify its customer but the protocol does not change.Few merchants may have implemented the flow wrongly.. merchants are supposed to re-direct the customer to his bank site and not show in frame or i-frame ; that is just a bad implementation and is a invitation for phishing attack .
In India at least as for as I have seen none of the merchant use i-frame thing.. all most all the merchants re-direct the customer to his bank for verification and customer can clearly see the url of bank server ( or provider ) that is authenticating him.Its like telling.. if one drunk driver crashes a car and kills himself cars are unsafe.. : P</tokentext>
<sentencetext>can't believe this..the people simply start commenting having just half knowledge.. 3DS protocol is secure and helps banks to chose the method that it uses to verify its customer.
Its left to banks how they want to authenticate its card holder.
Few banks have chosen to keep static password while others use OTPs.
In future banks would use IVR calls or Voice authentication or some other technology to identify its customer but the protocol does not change.Few merchants may have implemented the flow wrongly.. merchants are supposed to re-direct the customer to his bank site and not show in frame or i-frame; that is just a bad implementation and is a invitation for phishing attack.
In India at least as for as I have seen none of the merchant use i-frame thing.. all most all the merchants re-direct the customer to his bank for verification and customer can clearly see the url of bank server (or provider) that is authenticating him.Its like telling.. if one drunk driver crashes a car and kills himself cars are unsafe.. :P</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30947462</id>
	<title>VbV</title>
	<author>Anonymous</author>
	<datestamp>1264763820000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Brings back memories of working at a bank while VbV was being implemented, we all knew it was poor system just being used to shift blame to customers but obviously we wern't allowed to say that.</p><p>As for security online you are best using a credit card that you pay off in the intrest free period, this way your bank will work to recover any fraudulent activity as it is technically their money.</p></htmltext>
<tokenext>Brings back memories of working at a bank while VbV was being implemented , we all knew it was poor system just being used to shift blame to customers but obviously we wer n't allowed to say that.As for security online you are best using a credit card that you pay off in the intrest free period , this way your bank will work to recover any fraudulent activity as it is technically their money .</tokentext>
<sentencetext>Brings back memories of working at a bank while VbV was being implemented, we all knew it was poor system just being used to shift blame to customers but obviously we wern't allowed to say that.As for security online you are best using a credit card that you pay off in the intrest free period, this way your bank will work to recover any fraudulent activity as it is technically their money.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939634</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>Anonymous</author>
	<datestamp>1264711980000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>1</modscore>
	<htmltext><p>Agreed. A while back we got a few unexplainable card not authorised failures. Turned out these card were 3DS cards.<br>So I asked the internet guys if we should implement 3DS on our system to avoid losing sales.</p><p>Their answer was almost word for word verbatim what you've given "It transfers the liability from them to the customer, it is not secure".</p><p>We have not implement 3DS on our site. We have no intention of doing so.</p></htmltext>
<tokenext>Agreed .
A while back we got a few unexplainable card not authorised failures .
Turned out these card were 3DS cards.So I asked the internet guys if we should implement 3DS on our system to avoid losing sales.Their answer was almost word for word verbatim what you 've given " It transfers the liability from them to the customer , it is not secure " .We have not implement 3DS on our site .
We have no intention of doing so .</tokentext>
<sentencetext>Agreed.
A while back we got a few unexplainable card not authorised failures.
Turned out these card were 3DS cards.So I asked the internet guys if we should implement 3DS on our system to avoid losing sales.Their answer was almost word for word verbatim what you've given "It transfers the liability from them to the customer, it is not secure".We have not implement 3DS on our site.
We have no intention of doing so.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940216</id>
	<title>"intended to reduce on-line payment card fraud" ?</title>
	<author>Anonymous</author>
	<datestamp>1264670640000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Thats incorrect, though its easy to see how the researchers could fall into the trap of believing this.</p><p>Anyway, if you read their terms of service, it becomes obvious that the main purpose of the Verified by Visa system is to shift liability for fraud onto the card-holders.  Its the main reason I've stopped using my Visa for any purchases over the Internet.</p></htmltext>
<tokenext>Thats incorrect , though its easy to see how the researchers could fall into the trap of believing this.Anyway , if you read their terms of service , it becomes obvious that the main purpose of the Verified by Visa system is to shift liability for fraud onto the card-holders .
Its the main reason I 've stopped using my Visa for any purchases over the Internet .</tokentext>
<sentencetext>Thats incorrect, though its easy to see how the researchers could fall into the trap of believing this.Anyway, if you read their terms of service, it becomes obvious that the main purpose of the Verified by Visa system is to shift liability for fraud onto the card-holders.
Its the main reason I've stopped using my Visa for any purchases over the Internet.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940176</id>
	<title>Re:I'd rather use</title>
	<author>Anonymous</author>
	<datestamp>1264670520000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Like most engineering issues there is a trade-off between security and other factors like ease of use, throughput, user acceptance, etc. Unlike security researchers, banks and merchants are in business to make money so they tolerate security breaches in exchange for improved efficiency. For another example, businesses often don't require signatures on change purchases since it only slows down the checkout process  requiring more checkers for a given volume of transactions.</p></htmltext>
<tokenext>Like most engineering issues there is a trade-off between security and other factors like ease of use , throughput , user acceptance , etc .
Unlike security researchers , banks and merchants are in business to make money so they tolerate security breaches in exchange for improved efficiency .
For another example , businesses often do n't require signatures on change purchases since it only slows down the checkout process requiring more checkers for a given volume of transactions .</tokentext>
<sentencetext>Like most engineering issues there is a trade-off between security and other factors like ease of use, throughput, user acceptance, etc.
Unlike security researchers, banks and merchants are in business to make money so they tolerate security breaches in exchange for improved efficiency.
For another example, businesses often don't require signatures on change purchases since it only slows down the checkout process  requiring more checkers for a given volume of transactions.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939376</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940486</id>
	<title>c08</title>
	<author>Anonymous</author>
	<datestamp>1264671360000</datestamp>
	<modclass>Flamebait</modclass>
	<modscore>-1</modscore>
	<htmltext><A HREF="http://goat.cx/" title="goat.cx" rel="nofollow">when IDC RecenTly</a> [goat.cx]</htmltext>
<tokenext>when IDC RecenTly [ goat.cx ]</tokentext>
<sentencetext>when IDC RecenTly [goat.cx]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30941036</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>Threni</author>
	<datestamp>1264672860000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>My problems are nothing to do with that.  I phoned my bank and they said that wasn't the problem.  Yes, there's a `holiday bit` you can have set for a period of time, but my bank still said my card was useless there.</p></htmltext>
<tokenext>My problems are nothing to do with that .
I phoned my bank and they said that was n't the problem .
Yes , there 's a ` holiday bit ` you can have set for a period of time , but my bank still said my card was useless there .</tokentext>
<sentencetext>My problems are nothing to do with that.
I phoned my bank and they said that wasn't the problem.
Yes, there's a `holiday bit` you can have set for a period of time, but my bank still said my card was useless there.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940300</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30969218</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>Ed Avis</author>
	<datestamp>1264938300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>You wouldn't be able to fool me into giving my 3DS password since I don't remember it.  Every time that Verified By Visa thing comes up, I have to go through the process of choosing a new password.  The only extra information I have to provide, beyond what's printed on the card, is my date of birth.  So I type that in and then cycle through about eight passwords I've previously used (it won't let you use one you have chosen before) before finding a new, unique one which I use for that transaction and then promptly forget.</htmltext>
<tokenext>You would n't be able to fool me into giving my 3DS password since I do n't remember it .
Every time that Verified By Visa thing comes up , I have to go through the process of choosing a new password .
The only extra information I have to provide , beyond what 's printed on the card , is my date of birth .
So I type that in and then cycle through about eight passwords I 've previously used ( it wo n't let you use one you have chosen before ) before finding a new , unique one which I use for that transaction and then promptly forget .</tokentext>
<sentencetext>You wouldn't be able to fool me into giving my 3DS password since I don't remember it.
Every time that Verified By Visa thing comes up, I have to go through the process of choosing a new password.
The only extra information I have to provide, beyond what's printed on the card, is my date of birth.
So I type that in and then cycle through about eight passwords I've previously used (it won't let you use one you have chosen before) before finding a new, unique one which I use for that transaction and then promptly forget.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30943160</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>Anonymous</author>
	<datestamp>1264680360000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I travel extensively and like Threni my card has been declined innumerable times, because as Visa states it is not in my normal spending habits, if doing the same thing and travelling as much as I do it not my normal habit what is??? and they call this security?</p><p>Gary<br><a href="http://affilliatemarketingmastery.com/" title="affilliate...astery.com" rel="nofollow">Master Affiliate Marketing Now</a> [affilliate...astery.com]</p></htmltext>
<tokenext>I travel extensively and like Threni my card has been declined innumerable times , because as Visa states it is not in my normal spending habits , if doing the same thing and travelling as much as I do it not my normal habit what is ? ? ?
and they call this security ? GaryMaster Affiliate Marketing Now [ affilliate...astery.com ]</tokentext>
<sentencetext>I travel extensively and like Threni my card has been declined innumerable times, because as Visa states it is not in my normal spending habits, if doing the same thing and travelling as much as I do it not my normal habit what is???
and they call this security?GaryMaster Affiliate Marketing Now [affilliate...astery.com]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30944158</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>Anonymous</author>
	<datestamp>1264686360000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Exactly why biometric security needs to be treated very carefully. If someone gets their biometrics associated with your identity, good luck unwinding that mess.</p></htmltext>
<tokenext>Exactly why biometric security needs to be treated very carefully .
If someone gets their biometrics associated with your identity , good luck unwinding that mess .</tokentext>
<sentencetext>Exactly why biometric security needs to be treated very carefully.
If someone gets their biometrics associated with your identity, good luck unwinding that mess.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30947264</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>CaptainZapp</author>
	<datestamp>1264760820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Here's around Europe it's only optional for the first six purchases. Then you either register or you don't buy from merchants using the system.<p>
Unfortunately I buy airline tickets with my card and airlines around here all insist on it.</p><p>
What worries me a bit, apart from the phishing potential, is to use the card in a dodgy internet caffee in Bucharest, or so, for payment, since you're really not quite sure about the potentially sisnister software running on the box.</p></htmltext>
<tokenext>Here 's around Europe it 's only optional for the first six purchases .
Then you either register or you do n't buy from merchants using the system .
Unfortunately I buy airline tickets with my card and airlines around here all insist on it .
What worries me a bit , apart from the phishing potential , is to use the card in a dodgy internet caffee in Bucharest , or so , for payment , since you 're really not quite sure about the potentially sisnister software running on the box .</tokentext>
<sentencetext>Here's around Europe it's only optional for the first six purchases.
Then you either register or you don't buy from merchants using the system.
Unfortunately I buy airline tickets with my card and airlines around here all insist on it.
What worries me a bit, apart from the phishing potential, is to use the card in a dodgy internet caffee in Bucharest, or so, for payment, since you're really not quite sure about the potentially sisnister software running on the box.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30942216</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939374</id>
	<title>I switched credit cards</title>
	<author>Anonymous</author>
	<datestamp>1264711200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>for all sites that I visited that tried to make me jump through the dumb VbV hoops, I switched to American Express..</p><p>I thought and still think that it is dumb to encourage consumers to type confidential information into a random pop-up page from a different web site than the one they are visiting.</p><p>A.</p></htmltext>
<tokenext>for all sites that I visited that tried to make me jump through the dumb VbV hoops , I switched to American Express..I thought and still think that it is dumb to encourage consumers to type confidential information into a random pop-up page from a different web site than the one they are visiting.A .</tokentext>
<sentencetext>for all sites that I visited that tried to make me jump through the dumb VbV hoops, I switched to American Express..I thought and still think that it is dumb to encourage consumers to type confidential information into a random pop-up page from a different web site than the one they are visiting.A.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30947254</id>
	<title>Known this for ages.</title>
	<author>Anonymous</author>
	<datestamp>1264760760000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I worked for a company that runs a payment gateway. We had to implement Verified by Visa in our systems, and we very quickly realised just how pointless it was. It was painfully obvious to us all how easy it would be to circumvent the system. The whole thing was a running joke in the office for the duration of the project.</p><p>The trouble was, we weren't given a choice -- if we didn't implement it, we lost our deals with the card companies, which would have basically been the end of the company. And not only that, but we had to do it in a hurry -- Visa were auditing us to make sure we did it, and gave us a very aggressive deadline to get it finished.</p></htmltext>
<tokenext>I worked for a company that runs a payment gateway .
We had to implement Verified by Visa in our systems , and we very quickly realised just how pointless it was .
It was painfully obvious to us all how easy it would be to circumvent the system .
The whole thing was a running joke in the office for the duration of the project.The trouble was , we were n't given a choice -- if we did n't implement it , we lost our deals with the card companies , which would have basically been the end of the company .
And not only that , but we had to do it in a hurry -- Visa were auditing us to make sure we did it , and gave us a very aggressive deadline to get it finished .</tokentext>
<sentencetext>I worked for a company that runs a payment gateway.
We had to implement Verified by Visa in our systems, and we very quickly realised just how pointless it was.
It was painfully obvious to us all how easy it would be to circumvent the system.
The whole thing was a running joke in the office for the duration of the project.The trouble was, we weren't given a choice -- if we didn't implement it, we lost our deals with the card companies, which would have basically been the end of the company.
And not only that, but we had to do it in a hurry -- Visa were auditing us to make sure we did it, and gave us a very aggressive deadline to get it finished.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30946904</id>
	<title>VbV/3D sucks</title>
	<author>Anonymous</author>
	<datestamp>1264755960000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>For the unfortunate ones of us stuck in India, the VbV/3D secure systems are mandatory by order of the Reserve Bank. Although the law says additional authentication mechanism must be used apart from card details, banks were all to ready to implement VbV/3D systems. And it sucks big time.</p></htmltext>
<tokenext>For the unfortunate ones of us stuck in India , the VbV/3D secure systems are mandatory by order of the Reserve Bank .
Although the law says additional authentication mechanism must be used apart from card details , banks were all to ready to implement VbV/3D systems .
And it sucks big time .</tokentext>
<sentencetext>For the unfortunate ones of us stuck in India, the VbV/3D secure systems are mandatory by order of the Reserve Bank.
Although the law says additional authentication mechanism must be used apart from card details, banks were all to ready to implement VbV/3D systems.
And it sucks big time.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30944324</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>Anonymous</author>
	<datestamp>1264687500000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>What exactly does this have to do with Visa or Mastercard?  Either your bank is an idiot or one of your banks is an idiot, whichever issued the particular Visa.  Visa and Mastercard both have perfectly good implementations by lots of European banks that work perfectly well anywhere in the world, whether by chip and pin or by magnetic strip swipe and signature.</p><p>In fact, it's much more annoying the other way around, as in using a North American credit card in a European country where chip and pin is used exclusively.  Yes, the merchants can 100\% process the transaction with a swipe and signature, but the distrust oozing from salespeople who haven't seen such a thing is enormous.  Always fun when a manager has to be called and everyone is looking at you like you're attempting to rob the place.   Always makes you wonder when the first time will be that some eager youngin calls local PD to sort things out.</p></htmltext>
<tokenext>What exactly does this have to do with Visa or Mastercard ?
Either your bank is an idiot or one of your banks is an idiot , whichever issued the particular Visa .
Visa and Mastercard both have perfectly good implementations by lots of European banks that work perfectly well anywhere in the world , whether by chip and pin or by magnetic strip swipe and signature.In fact , it 's much more annoying the other way around , as in using a North American credit card in a European country where chip and pin is used exclusively .
Yes , the merchants can 100 \ % process the transaction with a swipe and signature , but the distrust oozing from salespeople who have n't seen such a thing is enormous .
Always fun when a manager has to be called and everyone is looking at you like you 're attempting to rob the place .
Always makes you wonder when the first time will be that some eager youngin calls local PD to sort things out .</tokentext>
<sentencetext>What exactly does this have to do with Visa or Mastercard?
Either your bank is an idiot or one of your banks is an idiot, whichever issued the particular Visa.
Visa and Mastercard both have perfectly good implementations by lots of European banks that work perfectly well anywhere in the world, whether by chip and pin or by magnetic strip swipe and signature.In fact, it's much more annoying the other way around, as in using a North American credit card in a European country where chip and pin is used exclusively.
Yes, the merchants can 100\% process the transaction with a swipe and signature, but the distrust oozing from salespeople who haven't seen such a thing is enormous.
Always fun when a manager has to be called and everyone is looking at you like you're attempting to rob the place.
Always makes you wonder when the first time will be that some eager youngin calls local PD to sort things out.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939568</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30943342</id>
	<title>3DS is also broken from a human factors POV</title>
	<author>gilgongo</author>
	<datestamp>1264681320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I am a UI designer with an interest in security-related human factors.</p><p>3DS as deployed by MasterCard is also fundamentally insecure because its based on an anti-pattern: trust by proxy without offering any easy way to verify that trust. Visa's implementation is marginally better becuase it echoes a "secret phrase" to you on the screen before you input your pin, thereby allowing you to verify that it's them, and not some random phisher.</p><p>The trouble is most people just trust in the application of the anti-pattern. How then can anyone make sense of the fact that on the one hand, their bank exhorts them to be on the lookout for fraudulent emails and websites pretending to be their bank, while on the other hand their bank does EXACTLY that with 3DS.</p><p>Not only that, but there are apparently exploits in the wild that deploy browser-based man-in-the-middle attacks by throwing up fake 3DS forms on checkout pages. I recently received a mail from Zopa (a financial services website) that said the following:</p><p>"<i>Thanks to one of our members who reported that during the process of paying funds into his lender account, he was presented with a &lsquo;verified by Visa&rsquo; screen that requested his ATM pin code.<br>Suffice it to say that Zopa does not use this kind of verification so you should never submit any passwords or codes should you be prompted to do so via such a screen when using the Zopa site.</i></p><p><i>We have investigated the issue and can confirm that the problem is an issue entirely localized to this member&rsquo;s local environment and does not affect the Zopa site or its servers. Nevertheless, we wanted to make you aware so that you can avoid filling in your details should you be presented with a similar screen.</i> "</p><p>Words fail me.</p></htmltext>
<tokenext>I am a UI designer with an interest in security-related human factors.3DS as deployed by MasterCard is also fundamentally insecure because its based on an anti-pattern : trust by proxy without offering any easy way to verify that trust .
Visa 's implementation is marginally better becuase it echoes a " secret phrase " to you on the screen before you input your pin , thereby allowing you to verify that it 's them , and not some random phisher.The trouble is most people just trust in the application of the anti-pattern .
How then can anyone make sense of the fact that on the one hand , their bank exhorts them to be on the lookout for fraudulent emails and websites pretending to be their bank , while on the other hand their bank does EXACTLY that with 3DS.Not only that , but there are apparently exploits in the wild that deploy browser-based man-in-the-middle attacks by throwing up fake 3DS forms on checkout pages .
I recently received a mail from Zopa ( a financial services website ) that said the following : " Thanks to one of our members who reported that during the process of paying funds into his lender account , he was presented with a    verified by Visa    screen that requested his ATM pin code.Suffice it to say that Zopa does not use this kind of verification so you should never submit any passwords or codes should you be prompted to do so via such a screen when using the Zopa site.We have investigated the issue and can confirm that the problem is an issue entirely localized to this member    s local environment and does not affect the Zopa site or its servers .
Nevertheless , we wanted to make you aware so that you can avoid filling in your details should you be presented with a similar screen .
" Words fail me .</tokentext>
<sentencetext>I am a UI designer with an interest in security-related human factors.3DS as deployed by MasterCard is also fundamentally insecure because its based on an anti-pattern: trust by proxy without offering any easy way to verify that trust.
Visa's implementation is marginally better becuase it echoes a "secret phrase" to you on the screen before you input your pin, thereby allowing you to verify that it's them, and not some random phisher.The trouble is most people just trust in the application of the anti-pattern.
How then can anyone make sense of the fact that on the one hand, their bank exhorts them to be on the lookout for fraudulent emails and websites pretending to be their bank, while on the other hand their bank does EXACTLY that with 3DS.Not only that, but there are apparently exploits in the wild that deploy browser-based man-in-the-middle attacks by throwing up fake 3DS forms on checkout pages.
I recently received a mail from Zopa (a financial services website) that said the following:"Thanks to one of our members who reported that during the process of paying funds into his lender account, he was presented with a ‘verified by Visa’ screen that requested his ATM pin code.Suffice it to say that Zopa does not use this kind of verification so you should never submit any passwords or codes should you be prompted to do so via such a screen when using the Zopa site.We have investigated the issue and can confirm that the problem is an issue entirely localized to this member’s local environment and does not affect the Zopa site or its servers.
Nevertheless, we wanted to make you aware so that you can avoid filling in your details should you be presented with a similar screen.
"Words fail me.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940038</id>
	<title>Article and "research" bad..</title>
	<author>ltning</author>
	<datestamp>1264670100000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The researchers, and the article writers, completely fail to understand that 3-D Secure simply defines the interfaces between the three domains in the security model. The actual authentication model used is chosen and implemented by the card issuer. If the card issuer would decide it wants to use passphrase+OTP in a separate window (for URL validation), it could do so. In fact, outside of the US, many do. In Norway, for instance, online payments are usually verified through something akin to a "national electronic ID", which despite its flaws goes way above and beyond simple passwords.</p><p>The article is so full of factual mistakes and displays such a complete lack of knowledge and understanding it's not even funny.</p></htmltext>
<tokenext>The researchers , and the article writers , completely fail to understand that 3-D Secure simply defines the interfaces between the three domains in the security model .
The actual authentication model used is chosen and implemented by the card issuer .
If the card issuer would decide it wants to use passphrase + OTP in a separate window ( for URL validation ) , it could do so .
In fact , outside of the US , many do .
In Norway , for instance , online payments are usually verified through something akin to a " national electronic ID " , which despite its flaws goes way above and beyond simple passwords.The article is so full of factual mistakes and displays such a complete lack of knowledge and understanding it 's not even funny .</tokentext>
<sentencetext>The researchers, and the article writers, completely fail to understand that 3-D Secure simply defines the interfaces between the three domains in the security model.
The actual authentication model used is chosen and implemented by the card issuer.
If the card issuer would decide it wants to use passphrase+OTP in a separate window (for URL validation), it could do so.
In fact, outside of the US, many do.
In Norway, for instance, online payments are usually verified through something akin to a "national electronic ID", which despite its flaws goes way above and beyond simple passwords.The article is so full of factual mistakes and displays such a complete lack of knowledge and understanding it's not even funny.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30949838</id>
	<title>What?</title>
	<author>clint999</author>
	<datestamp>1264782600000</datestamp>
	<modclass>None</modclass>
	<modscore>-1</modscore>
	<htmltext><strong>I used my Visa instead of my usual MC on Newegg for a Christmas gift and it came up for the first time ever.  I closed the widow intending to buy it on my MC instead, but the payment still went through.  2 days later I got a call from the Visa fraud department...haha.  I told the lady the verified thing was a bull**** pain in the ass and she let me on my way.  Haven't used my Visa since.</strong></htmltext>
<tokenext>I used my Visa instead of my usual MC on Newegg for a Christmas gift and it came up for the first time ever .
I closed the widow intending to buy it on my MC instead , but the payment still went through .
2 days later I got a call from the Visa fraud department...haha .
I told the lady the verified thing was a bull * * * * pain in the ass and she let me on my way .
Have n't used my Visa since .</tokentext>
<sentencetext>I used my Visa instead of my usual MC on Newegg for a Christmas gift and it came up for the first time ever.
I closed the widow intending to buy it on my MC instead, but the payment still went through.
2 days later I got a call from the Visa fraud department...haha.
I told the lady the verified thing was a bull**** pain in the ass and she let me on my way.
Haven't used my Visa since.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940524</id>
	<title>Re:Lol</title>
	<author>Anonymous</author>
	<datestamp>1264671420000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>My info always seems to change on me for VbV, so I don't bother with it. I've found hitting Cancel will, more often than not, proceed with the order as usual.</p></htmltext>
<tokenext>My info always seems to change on me for VbV , so I do n't bother with it .
I 've found hitting Cancel will , more often than not , proceed with the order as usual .</tokentext>
<sentencetext>My info always seems to change on me for VbV, so I don't bother with it.
I've found hitting Cancel will, more often than not, proceed with the order as usual.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940032</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30947674</id>
	<title>Bank fucked up</title>
	<author>Nicolas MONNET</author>
	<datestamp>1264767240000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext><p>Chip cards have been in use for a very long time in France. They all have mag stripes, mainly because that's what most ATM use anyway, but also for use abroad. The mag stripe contains information as to whether the card also has a chip, so that even when an authorisation (the terminal phoning the acquirer) is not required, it can decide to deny the transaction preemptively if the card is supposed to have a pin and the terminal is supposed to be able to read it.</p><p>In that I case I guess the bank is just being incompetent, and failed to implement the ultra-advanced algorithm:</p><p><tt>if (card.haschip() &amp;&amp; terminal.haschipreader())<br>
&nbsp; &nbsp; &nbsp; &nbsp; return MUSTUSECHIP;<br>else<br>
&nbsp; &nbsp; &nbsp; &nbsp; return ITSOKTOUSETHEMAGSTRIPE;</tt></p></htmltext>
<tokenext>Chip cards have been in use for a very long time in France .
They all have mag stripes , mainly because that 's what most ATM use anyway , but also for use abroad .
The mag stripe contains information as to whether the card also has a chip , so that even when an authorisation ( the terminal phoning the acquirer ) is not required , it can decide to deny the transaction preemptively if the card is supposed to have a pin and the terminal is supposed to be able to read it.In that I case I guess the bank is just being incompetent , and failed to implement the ultra-advanced algorithm : if ( card.haschip ( ) &amp;&amp; terminal.haschipreader ( ) )         return MUSTUSECHIP ; else         return ITSOKTOUSETHEMAGSTRIPE ;</tokentext>
<sentencetext>Chip cards have been in use for a very long time in France.
They all have mag stripes, mainly because that's what most ATM use anyway, but also for use abroad.
The mag stripe contains information as to whether the card also has a chip, so that even when an authorisation (the terminal phoning the acquirer) is not required, it can decide to deny the transaction preemptively if the card is supposed to have a pin and the terminal is supposed to be able to read it.In that I case I guess the bank is just being incompetent, and failed to implement the ultra-advanced algorithm:if (card.haschip() &amp;&amp; terminal.haschipreader())
        return MUSTUSECHIP;else
        return ITSOKTOUSETHEMAGSTRIPE;</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939568</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30945556</id>
	<title>Re:3DS is also broken from a human factors POV</title>
	<author>jareds</author>
	<datestamp>1264698900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Visa's implementation is marginally better becuase it echoes a "secret phrase" to you on the screen before you input your pin, thereby allowing you to verify that it's them, and not some random phisher.</p></div><p>It lets you verify that it's either Visa <strong>or</strong> a man-in-the-middle attack...</p></div>
	</htmltext>
<tokenext>Visa 's implementation is marginally better becuase it echoes a " secret phrase " to you on the screen before you input your pin , thereby allowing you to verify that it 's them , and not some random phisher.It lets you verify that it 's either Visa or a man-in-the-middle attack.. .</tokentext>
<sentencetext>Visa's implementation is marginally better becuase it echoes a "secret phrase" to you on the screen before you input your pin, thereby allowing you to verify that it's them, and not some random phisher.It lets you verify that it's either Visa or a man-in-the-middle attack...
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30943342</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30944670</id>
	<title>Isn't iframe trademarked by Apple?</title>
	<author>bezenek</author>
	<datestamp>1264689900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Just checking...</htmltext>
<tokenext>Just checking.. .</tokentext>
<sentencetext>Just checking...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939260</id>
	<title>Lol</title>
	<author>Anonymous</author>
	<datestamp>1264710900000</datestamp>
	<modclass>None</modclass>
	<modscore>-1</modscore>
	<htmltext>I just literally 10 seconds before coming to slashdot and reading this, I got done giving Verified By Visa my password for a CC charge through newegg.  Awesome lol.  Oh well, I bet it's still more secure than not having it at all.</htmltext>
<tokenext>I just literally 10 seconds before coming to slashdot and reading this , I got done giving Verified By Visa my password for a CC charge through newegg .
Awesome lol .
Oh well , I bet it 's still more secure than not having it at all .</tokentext>
<sentencetext>I just literally 10 seconds before coming to slashdot and reading this, I got done giving Verified By Visa my password for a CC charge through newegg.
Awesome lol.
Oh well, I bet it's still more secure than not having it at all.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30952514</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>RockDoctor</author>
	<datestamp>1264792200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>Most merchants refuse to deploy it anyhow unless forced. It causes a 5-8\% immediate drop in throughput. I wouldn't use a site that used it either.</p></div></blockquote><p>Sounds like an underestimate to me - I've already shit-canned one credit card because their implementation of VbV was so god-fuckingly horrible that it was impossible to use their card online. I now have disposed of fragments of the card over two continents and reduced the balance to them owing me about the price of a cigarette - which imposes a cost on them of maintaining the account. The other card I have which uses VbV allows me to violate a basic security principle to make the system usable, so I still use it. But I know that I'm breaking a security rule, so I probably use it less than I used to.</p><p>VbV can be an absolute nightmare for a user. Big foot-shot!</p></div>
	</htmltext>
<tokenext>Most merchants refuse to deploy it anyhow unless forced .
It causes a 5-8 \ % immediate drop in throughput .
I would n't use a site that used it either.Sounds like an underestimate to me - I 've already shit-canned one credit card because their implementation of VbV was so god-fuckingly horrible that it was impossible to use their card online .
I now have disposed of fragments of the card over two continents and reduced the balance to them owing me about the price of a cigarette - which imposes a cost on them of maintaining the account .
The other card I have which uses VbV allows me to violate a basic security principle to make the system usable , so I still use it .
But I know that I 'm breaking a security rule , so I probably use it less than I used to.VbV can be an absolute nightmare for a user .
Big foot-shot !</tokentext>
<sentencetext>Most merchants refuse to deploy it anyhow unless forced.
It causes a 5-8\% immediate drop in throughput.
I wouldn't use a site that used it either.Sounds like an underestimate to me - I've already shit-canned one credit card because their implementation of VbV was so god-fuckingly horrible that it was impossible to use their card online.
I now have disposed of fragments of the card over two continents and reduced the balance to them owing me about the price of a cigarette - which imposes a cost on them of maintaining the account.
The other card I have which uses VbV allows me to violate a basic security principle to make the system usable, so I still use it.
But I know that I'm breaking a security rule, so I probably use it less than I used to.VbV can be an absolute nightmare for a user.
Big foot-shot!
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940286</id>
	<title>Re:I'd rather use</title>
	<author>slimjim8094</author>
	<datestamp>1264670820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I'm not smart enough to figure out how many credit card numbers exist - except that I know that it's not 10^16 because many numbers are invalid. For anyone who wants to figure this out, credit cards need a merchant code and an account code. I think the account code can be pretty arbitrary, but there are only a dozen or so merchant codes. And the whole thing needs a checksum.</p><p>Are there enough credit cards to let everyone use single-use numbers all the time? Maybe we should get only one alternate card number, whose default state is "locked" except for explicitly stated merchants, which default back to "locked" after one charge...</p></htmltext>
<tokenext>I 'm not smart enough to figure out how many credit card numbers exist - except that I know that it 's not 10 ^ 16 because many numbers are invalid .
For anyone who wants to figure this out , credit cards need a merchant code and an account code .
I think the account code can be pretty arbitrary , but there are only a dozen or so merchant codes .
And the whole thing needs a checksum.Are there enough credit cards to let everyone use single-use numbers all the time ?
Maybe we should get only one alternate card number , whose default state is " locked " except for explicitly stated merchants , which default back to " locked " after one charge.. .</tokentext>
<sentencetext>I'm not smart enough to figure out how many credit card numbers exist - except that I know that it's not 10^16 because many numbers are invalid.
For anyone who wants to figure this out, credit cards need a merchant code and an account code.
I think the account code can be pretty arbitrary, but there are only a dozen or so merchant codes.
And the whole thing needs a checksum.Are there enough credit cards to let everyone use single-use numbers all the time?
Maybe we should get only one alternate card number, whose default state is "locked" except for explicitly stated merchants, which default back to "locked" after one charge...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939376</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30943698</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>the\_arrow</author>
	<datestamp>1264683420000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Last time I was in England, three or four years ago, I had to try my chip-and-pin three times before they just used swipe-with-pin, even though I told them it would not work. If it was company policy, the policy of their bank or if it's a general rule I don't know. Will be fun how it will be when I visit next week.</p></htmltext>
<tokenext>Last time I was in England , three or four years ago , I had to try my chip-and-pin three times before they just used swipe-with-pin , even though I told them it would not work .
If it was company policy , the policy of their bank or if it 's a general rule I do n't know .
Will be fun how it will be when I visit next week .</tokentext>
<sentencetext>Last time I was in England, three or four years ago, I had to try my chip-and-pin three times before they just used swipe-with-pin, even though I told them it would not work.
If it was company policy, the policy of their bank or if it's a general rule I don't know.
Will be fun how it will be when I visit next week.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939568</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30942216</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>orlanz</author>
	<datestamp>1264676640000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>I am a long time credit card user (don't believe in cash).  I ran into this a few months back with Walmart online.  It actually looked like a scam.  And you are right about the security aspect, just an offloading of (increased) risk.  It pops out of no where and the new page's instructions clearly said it was optional and I can hit cancel.  BUT, there was no cancel button, I even looked in the source code.  So I closed the browser.</p><p>This was considered \_fraudulent\_activity\_ and locked my card for a while (automatic, no warning).  I basically had to tell them: I don't want to sign up for the "optional feature" and I leave it to you if you want to keep my card locked.  I just started using my MC.  A Visa card that used to get charged 2-3k a month in business charges now gets about $50.  I think Visa completely, utterly screwed up with not only the idea, but the implementation, and the very approach of presenting the system.  A colossal failure for Visa and a big win for MC.  If MC starts it, rest assured, I will move to Discover and so on with Paypal at the end.</p><p>A credit card is supposed to provide you with security and convenience.  This system gives you neither!  Now, you basically have the risk of a TON of cash sitting behind yet another password only \_you\_ are supposed to know.  There are better ways to provide FAR more security with a negligible loss of convenience at a slightly higher price (ex: personal and one time pins), but I guess Visa just wanted to waste money tricking its customers into accepting a lot of the merchant's and Visa's risk.</p></htmltext>
<tokenext>I am a long time credit card user ( do n't believe in cash ) .
I ran into this a few months back with Walmart online .
It actually looked like a scam .
And you are right about the security aspect , just an offloading of ( increased ) risk .
It pops out of no where and the new page 's instructions clearly said it was optional and I can hit cancel .
BUT , there was no cancel button , I even looked in the source code .
So I closed the browser.This was considered \ _fraudulent \ _activity \ _ and locked my card for a while ( automatic , no warning ) .
I basically had to tell them : I do n't want to sign up for the " optional feature " and I leave it to you if you want to keep my card locked .
I just started using my MC .
A Visa card that used to get charged 2-3k a month in business charges now gets about $ 50 .
I think Visa completely , utterly screwed up with not only the idea , but the implementation , and the very approach of presenting the system .
A colossal failure for Visa and a big win for MC .
If MC starts it , rest assured , I will move to Discover and so on with Paypal at the end.A credit card is supposed to provide you with security and convenience .
This system gives you neither !
Now , you basically have the risk of a TON of cash sitting behind yet another password only \ _you \ _ are supposed to know .
There are better ways to provide FAR more security with a negligible loss of convenience at a slightly higher price ( ex : personal and one time pins ) , but I guess Visa just wanted to waste money tricking its customers into accepting a lot of the merchant 's and Visa 's risk .</tokentext>
<sentencetext>I am a long time credit card user (don't believe in cash).
I ran into this a few months back with Walmart online.
It actually looked like a scam.
And you are right about the security aspect, just an offloading of (increased) risk.
It pops out of no where and the new page's instructions clearly said it was optional and I can hit cancel.
BUT, there was no cancel button, I even looked in the source code.
So I closed the browser.This was considered \_fraudulent\_activity\_ and locked my card for a while (automatic, no warning).
I basically had to tell them: I don't want to sign up for the "optional feature" and I leave it to you if you want to keep my card locked.
I just started using my MC.
A Visa card that used to get charged 2-3k a month in business charges now gets about $50.
I think Visa completely, utterly screwed up with not only the idea, but the implementation, and the very approach of presenting the system.
A colossal failure for Visa and a big win for MC.
If MC starts it, rest assured, I will move to Discover and so on with Paypal at the end.A credit card is supposed to provide you with security and convenience.
This system gives you neither!
Now, you basically have the risk of a TON of cash sitting behind yet another password only \_you\_ are supposed to know.
There are better ways to provide FAR more security with a negligible loss of convenience at a slightly higher price (ex: personal and one time pins), but I guess Visa just wanted to waste money tricking its customers into accepting a lot of the merchant's and Visa's risk.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30941708</id>
	<title>virtual cards</title>
	<author>vanyel</author>
	<datestamp>1264674960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>This is why I use a virtual card online (paypal offers them, and some banks do too) - generate a card, use it and then close it.  It's also handy for sites that force you to subscribe when you only want a brief access (e.g. I'm only an occasional wow player, so I pay for a month, close the card, don't have to pay for the rest of the time when I don't have time to play).</p></htmltext>
<tokenext>This is why I use a virtual card online ( paypal offers them , and some banks do too ) - generate a card , use it and then close it .
It 's also handy for sites that force you to subscribe when you only want a brief access ( e.g .
I 'm only an occasional wow player , so I pay for a month , close the card , do n't have to pay for the rest of the time when I do n't have time to play ) .</tokentext>
<sentencetext>This is why I use a virtual card online (paypal offers them, and some banks do too) - generate a card, use it and then close it.
It's also handy for sites that force you to subscribe when you only want a brief access (e.g.
I'm only an occasional wow player, so I pay for a month, close the card, don't have to pay for the rest of the time when I don't have time to play).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30945438</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>BitZtream</author>
	<datestamp>1264697460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You realize MasterCard and Visa are really one and the same<nobr> <wbr></nobr>... right?</p></htmltext>
<tokenext>You realize MasterCard and Visa are really one and the same ... right ?</tokentext>
<sentencetext>You realize MasterCard and Visa are really one and the same ... right?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939568</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939376</id>
	<title>I'd rather use</title>
	<author>Anonymous</author>
	<datestamp>1264711200000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>Single-use CC numbers.  But my Visa (issued by my Credit Union) doesn't have one, and AMEX doesn't do them any more.</p></htmltext>
<tokenext>Single-use CC numbers .
But my Visa ( issued by my Credit Union ) does n't have one , and AMEX does n't do them any more .</tokentext>
<sentencetext>Single-use CC numbers.
But my Visa (issued by my Credit Union) doesn't have one, and AMEX doesn't do them any more.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940916</id>
	<title>RSA keyfobs in credit cards</title>
	<author>ehud42</author>
	<datestamp>1264672500000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>I would like to see my credit card display a time sync'd rolling number instead of the lame 3 digit code on the back of the card. As I see it, the problem with credit card fraud is not stolen cards, but stolen numbers. If I lose my card, I will know fairly soon and can have the card canceled. However, it may take quite a while to determine my number has been compromised. When shopping online I would like to enter my card number and a second number generated by the card. Cards expire after 2 years, so this should be doable from a battery life point of view. It could even be introduced as an extra fee initially to those who want the extra online shopping security.</p></htmltext>
<tokenext>I would like to see my credit card display a time sync 'd rolling number instead of the lame 3 digit code on the back of the card .
As I see it , the problem with credit card fraud is not stolen cards , but stolen numbers .
If I lose my card , I will know fairly soon and can have the card canceled .
However , it may take quite a while to determine my number has been compromised .
When shopping online I would like to enter my card number and a second number generated by the card .
Cards expire after 2 years , so this should be doable from a battery life point of view .
It could even be introduced as an extra fee initially to those who want the extra online shopping security .</tokentext>
<sentencetext>I would like to see my credit card display a time sync'd rolling number instead of the lame 3 digit code on the back of the card.
As I see it, the problem with credit card fraud is not stolen cards, but stolen numbers.
If I lose my card, I will know fairly soon and can have the card canceled.
However, it may take quite a while to determine my number has been compromised.
When shopping online I would like to enter my card number and a second number generated by the card.
Cards expire after 2 years, so this should be doable from a battery life point of view.
It could even be introduced as an extra fee initially to those who want the extra online shopping security.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939500</id>
	<title>Re:Lol</title>
	<author>ACMENEWSLLC</author>
	<datestamp>1264711560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>My Chase MC and Visa required this to be setup and crazy passwords too, which I can't recall.   I rarely use my Chase cards anymore as a result.</p></htmltext>
<tokenext>My Chase MC and Visa required this to be setup and crazy passwords too , which I ca n't recall .
I rarely use my Chase cards anymore as a result .</tokentext>
<sentencetext>My Chase MC and Visa required this to be setup and crazy passwords too, which I can't recall.
I rarely use my Chase cards anymore as a result.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939260</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30944518</id>
	<title>Re:Activation During Shopping</title>
	<author>Anonymous</author>
	<datestamp>1264688820000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><i>You agree to immediately notify us by contacting us, as we require in our cardholder agreement with you for a lost or stolen card of any unauthorized use of your password or other verification information, or any other breach of security. You will be liable for any unauthorized activity involving use of your password or Activation Data, until we receive such notice.</i></p><p>The banks can claim whatever they like, but the law trumps whatever they claim. Your maximum liability is $50 if you notify the bank in a reasonable period of time after you become aware that your card was stolen.</p></htmltext>
<tokenext>You agree to immediately notify us by contacting us , as we require in our cardholder agreement with you for a lost or stolen card of any unauthorized use of your password or other verification information , or any other breach of security .
You will be liable for any unauthorized activity involving use of your password or Activation Data , until we receive such notice.The banks can claim whatever they like , but the law trumps whatever they claim .
Your maximum liability is $ 50 if you notify the bank in a reasonable period of time after you become aware that your card was stolen .</tokentext>
<sentencetext>You agree to immediately notify us by contacting us, as we require in our cardholder agreement with you for a lost or stolen card of any unauthorized use of your password or other verification information, or any other breach of security.
You will be liable for any unauthorized activity involving use of your password or Activation Data, until we receive such notice.The banks can claim whatever they like, but the law trumps whatever they claim.
Your maximum liability is $50 if you notify the bank in a reasonable period of time after you become aware that your card was stolen.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30941170</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940036</id>
	<title>it kills sales</title>
	<author>Anonymous</author>
	<datestamp>1264670100000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>We had it forced on us by our payment provider and it killed sales, we had so many customers asking what their password was and where do they find it. We opted out of it.</p></htmltext>
<tokenext>We had it forced on us by our payment provider and it killed sales , we had so many customers asking what their password was and where do they find it .
We opted out of it .</tokentext>
<sentencetext>We had it forced on us by our payment provider and it killed sales, we had so many customers asking what their password was and where do they find it.
We opted out of it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30948482</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>Anonymous</author>
	<datestamp>1264775820000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>As a customer, the worst part is when the merchant doesn't bother to tell you "oh hey we're going to redirect you to this other site now" and first anti-XSS blocks the page transfer, then the page fails to work anyway thanks to noscript blocking the JS.</p><p>Even after I added all the appropriate whitelists, when I buy from a site that uses it, all it does is flash the logo up on the screen then take me back to the merchant's site where I finish the transaction.</p></div><p>Similar, NoScript blocks some URI:s that contain "(" and ")". Some ancient standards state that you shouldn't use these characters anywhere in an URL, but up until now, nobody have ever bothered. This problem is independent of NoScript being in blacklist or whitelist mode. I've written to the web masters of a couple of Swedish government sites that has this problem, they won't fix their pages because no other (huh!?) visitors uses Firefox with NoScript and suggest that I inactivate NoScript (which means I can't visit these govenrment sites at the same time as I do my regular web surfing, Firefox hithout NoScript is worse than Internet Explorer).</p></div>
	</htmltext>
<tokenext>As a customer , the worst part is when the merchant does n't bother to tell you " oh hey we 're going to redirect you to this other site now " and first anti-XSS blocks the page transfer , then the page fails to work anyway thanks to noscript blocking the JS.Even after I added all the appropriate whitelists , when I buy from a site that uses it , all it does is flash the logo up on the screen then take me back to the merchant 's site where I finish the transaction.Similar , NoScript blocks some URI : s that contain " ( " and " ) " .
Some ancient standards state that you should n't use these characters anywhere in an URL , but up until now , nobody have ever bothered .
This problem is independent of NoScript being in blacklist or whitelist mode .
I 've written to the web masters of a couple of Swedish government sites that has this problem , they wo n't fix their pages because no other ( huh ! ?
) visitors uses Firefox with NoScript and suggest that I inactivate NoScript ( which means I ca n't visit these govenrment sites at the same time as I do my regular web surfing , Firefox hithout NoScript is worse than Internet Explorer ) .</tokentext>
<sentencetext>As a customer, the worst part is when the merchant doesn't bother to tell you "oh hey we're going to redirect you to this other site now" and first anti-XSS blocks the page transfer, then the page fails to work anyway thanks to noscript blocking the JS.Even after I added all the appropriate whitelists, when I buy from a site that uses it, all it does is flash the logo up on the screen then take me back to the merchant's site where I finish the transaction.Similar, NoScript blocks some URI:s that contain "(" and ")".
Some ancient standards state that you shouldn't use these characters anywhere in an URL, but up until now, nobody have ever bothered.
This problem is independent of NoScript being in blacklist or whitelist mode.
I've written to the web masters of a couple of Swedish government sites that has this problem, they won't fix their pages because no other (huh!?
) visitors uses Firefox with NoScript and suggest that I inactivate NoScript (which means I can't visit these govenrment sites at the same time as I do my regular web surfing, Firefox hithout NoScript is worse than Internet Explorer).
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939760</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30941794</id>
	<title>No surprise</title>
	<author>sjames</author>
	<datestamp>1264675320000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>The entire financial industry is about 2 things. First, skimming a few cents off of the top of any financial activity they can get their claws into and second, pushing any and all risks and costs onto the public.</p><p>Get wiped out by high risk loans? Get a bailout. Credit reporting systems so flimsy they can't even tell two people in the same apartment building apart? Spawn an entire industry for people to fix it at their own expense. Can't be bothered to implement a secure credit card system? Either make it the merchant's problem or the consumer's. Someone defrauds you out of some money? Demand it from the person they impersonated and tell them it's their problem (cost and obligation) to fix it (even though they're not the ones sending credit offers to dogs and toddlers).</p><p>In a just system, credit agencies munging data together based on practically nothing would be guilty of libel if they wrongly claim you're a deadbeat. Creditors would be obligated to show that you personally are the actual person they extended credit to before they could try to collect. There would be no such thing as "identity theft", only the usual run of the mill fraud.</p><p>In such a system, the banks would make sure credit card transactions were as secure as they could practically be because THEY would lose out when it fails.</p></htmltext>
<tokenext>The entire financial industry is about 2 things .
First , skimming a few cents off of the top of any financial activity they can get their claws into and second , pushing any and all risks and costs onto the public.Get wiped out by high risk loans ?
Get a bailout .
Credit reporting systems so flimsy they ca n't even tell two people in the same apartment building apart ?
Spawn an entire industry for people to fix it at their own expense .
Ca n't be bothered to implement a secure credit card system ?
Either make it the merchant 's problem or the consumer 's .
Someone defrauds you out of some money ?
Demand it from the person they impersonated and tell them it 's their problem ( cost and obligation ) to fix it ( even though they 're not the ones sending credit offers to dogs and toddlers ) .In a just system , credit agencies munging data together based on practically nothing would be guilty of libel if they wrongly claim you 're a deadbeat .
Creditors would be obligated to show that you personally are the actual person they extended credit to before they could try to collect .
There would be no such thing as " identity theft " , only the usual run of the mill fraud.In such a system , the banks would make sure credit card transactions were as secure as they could practically be because THEY would lose out when it fails .</tokentext>
<sentencetext>The entire financial industry is about 2 things.
First, skimming a few cents off of the top of any financial activity they can get their claws into and second, pushing any and all risks and costs onto the public.Get wiped out by high risk loans?
Get a bailout.
Credit reporting systems so flimsy they can't even tell two people in the same apartment building apart?
Spawn an entire industry for people to fix it at their own expense.
Can't be bothered to implement a secure credit card system?
Either make it the merchant's problem or the consumer's.
Someone defrauds you out of some money?
Demand it from the person they impersonated and tell them it's their problem (cost and obligation) to fix it (even though they're not the ones sending credit offers to dogs and toddlers).In a just system, credit agencies munging data together based on practically nothing would be guilty of libel if they wrongly claim you're a deadbeat.
Creditors would be obligated to show that you personally are the actual person they extended credit to before they could try to collect.
There would be no such thing as "identity theft", only the usual run of the mill fraud.In such a system, the banks would make sure credit card transactions were as secure as they could practically be because THEY would lose out when it fails.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30947046</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>iangoldby</author>
	<datestamp>1264757820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>If I can fool you into giving me your 3DS password somehow, I can shop online as you with great false trust, and the merchants don't care because they're protected.</p></div></blockquote><p> You don't even need my password. The password restrictions are such that when I first was forced to start using "Verified by Visa" I could not remember my password. I pressed the 'forgot password' button and in order to reset my password and continue with the transaction I was asked to enter, guess what:</p><p># my VISA card number<br>and<br># my date of birth</p><p>(This is with a UK bank.) That's all. Assuming that the person trying to make a fraudulent purchase with my card number knows my card number (a safe assumption?) the only other bit of information they need is my date of birth. That really would not be very difficult to find out.</p><p>I forgot and reset my password about the first dozen times I used the system. I started putting in random passwords with no attempt to memorise them.</p><p>I thought this might flag up suspicious activity and my card be blocked, but... nothing.</p></div>
	</htmltext>
<tokenext>If I can fool you into giving me your 3DS password somehow , I can shop online as you with great false trust , and the merchants do n't care because they 're protected .
You do n't even need my password .
The password restrictions are such that when I first was forced to start using " Verified by Visa " I could not remember my password .
I pressed the 'forgot password ' button and in order to reset my password and continue with the transaction I was asked to enter , guess what : # my VISA card numberand # my date of birth ( This is with a UK bank .
) That 's all .
Assuming that the person trying to make a fraudulent purchase with my card number knows my card number ( a safe assumption ?
) the only other bit of information they need is my date of birth .
That really would not be very difficult to find out.I forgot and reset my password about the first dozen times I used the system .
I started putting in random passwords with no attempt to memorise them.I thought this might flag up suspicious activity and my card be blocked , but... nothing .</tokentext>
<sentencetext>If I can fool you into giving me your 3DS password somehow, I can shop online as you with great false trust, and the merchants don't care because they're protected.
You don't even need my password.
The password restrictions are such that when I first was forced to start using "Verified by Visa" I could not remember my password.
I pressed the 'forgot password' button and in order to reset my password and continue with the transaction I was asked to enter, guess what:# my VISA card numberand# my date of birth(This is with a UK bank.
) That's all.
Assuming that the person trying to make a fraudulent purchase with my card number knows my card number (a safe assumption?
) the only other bit of information they need is my date of birth.
That really would not be very difficult to find out.I forgot and reset my password about the first dozen times I used the system.
I started putting in random passwords with no attempt to memorise them.I thought this might flag up suspicious activity and my card be blocked, but... nothing.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30943120</id>
	<title>A complex solution...</title>
	<author>Anonymous</author>
	<datestamp>1264680180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I agree.  The chip and PIN has its limits.  The magnetic strip is useless and outdated.  Here's my view</p><p>Most people use a single PIN for everything.  Hence it is part of a solution.  Multi-part authentication is key to increasing security.  Add in an RSA keyfob, and a personal public/private key certificate on the chip.  Here's how it works.</p><p>Waiter brings the payment device to the customer.  This device uses a network not part of the restaurant network.  A VPN tunnel will suffice, so long as it is encrypted.<br>
The customer inserts the card, and unlocks the PPK certificate with the PIN.  The PIN is comprised of letters and numbers, say 6-14 characters, eliminating the debit card PIN re-use.<br>
Finally, the transaction is authorized using the RSA keyfob's constantly changing number.</p><p>The system isn't foolproof.  The customer is always the weakest link, and businesses prefer to make spending easier, not harder.  It will eliminate the card swipe and make lifting the PIN harder.</p><p>Finally, require a voice print authorization from the card holder for purchases over $500 and/or purchases per day over a pre-set limit.  This will make stealing a card a lot less attractive.</p></htmltext>
<tokenext>I agree .
The chip and PIN has its limits .
The magnetic strip is useless and outdated .
Here 's my viewMost people use a single PIN for everything .
Hence it is part of a solution .
Multi-part authentication is key to increasing security .
Add in an RSA keyfob , and a personal public/private key certificate on the chip .
Here 's how it works.Waiter brings the payment device to the customer .
This device uses a network not part of the restaurant network .
A VPN tunnel will suffice , so long as it is encrypted .
The customer inserts the card , and unlocks the PPK certificate with the PIN .
The PIN is comprised of letters and numbers , say 6-14 characters , eliminating the debit card PIN re-use .
Finally , the transaction is authorized using the RSA keyfob 's constantly changing number.The system is n't foolproof .
The customer is always the weakest link , and businesses prefer to make spending easier , not harder .
It will eliminate the card swipe and make lifting the PIN harder.Finally , require a voice print authorization from the card holder for purchases over $ 500 and/or purchases per day over a pre-set limit .
This will make stealing a card a lot less attractive .</tokentext>
<sentencetext>I agree.
The chip and PIN has its limits.
The magnetic strip is useless and outdated.
Here's my viewMost people use a single PIN for everything.
Hence it is part of a solution.
Multi-part authentication is key to increasing security.
Add in an RSA keyfob, and a personal public/private key certificate on the chip.
Here's how it works.Waiter brings the payment device to the customer.
This device uses a network not part of the restaurant network.
A VPN tunnel will suffice, so long as it is encrypted.
The customer inserts the card, and unlocks the PPK certificate with the PIN.
The PIN is comprised of letters and numbers, say 6-14 characters, eliminating the debit card PIN re-use.
Finally, the transaction is authorized using the RSA keyfob's constantly changing number.The system isn't foolproof.
The customer is always the weakest link, and businesses prefer to make spending easier, not harder.
It will eliminate the card swipe and make lifting the PIN harder.Finally, require a voice print authorization from the card holder for purchases over $500 and/or purchases per day over a pre-set limit.
This will make stealing a card a lot less attractive.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939194</id>
	<title>Oh yeah, the world LOVES Obama!!!</title>
	<author>Anonymous</author>
	<datestamp>1264710720000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>-1</modscore>
	<htmltext><p><a href="http://blogs.telegraph.co.uk/news/nilegardiner/100024086/state-of-the-union-obama-gets-an-f-for-world-leadership/" title="telegraph.co.uk" rel="nofollow">http://blogs.telegraph.co.uk/news/nilegardiner/100024086/state-of-the-union-obama-gets-an-f-for-world-leadership/</a> [telegraph.co.uk]</p></htmltext>
<tokenext>http : //blogs.telegraph.co.uk/news/nilegardiner/100024086/state-of-the-union-obama-gets-an-f-for-world-leadership/ [ telegraph.co.uk ]</tokentext>
<sentencetext>http://blogs.telegraph.co.uk/news/nilegardiner/100024086/state-of-the-union-obama-gets-an-f-for-world-leadership/ [telegraph.co.uk]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940284</id>
	<title>What  Is The Point Of 6 Digit Password?</title>
	<author>tunapez</author>
	<datestamp>1264670820000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext><p>I've used the service 3 times...guess how many times I've set/reset my "Verified by Visa" password. Rather than allow for a secure password(8+ characters, alpha-numeric-symbol) I am limited to 6 digits and remember yet another non-standard password? Might as well throw a captcha AND a question to doubly verify I am not a bot, too.</p></htmltext>
<tokenext>I 've used the service 3 times...guess how many times I 've set/reset my " Verified by Visa " password .
Rather than allow for a secure password ( 8 + characters , alpha-numeric-symbol ) I am limited to 6 digits and remember yet another non-standard password ?
Might as well throw a captcha AND a question to doubly verify I am not a bot , too .</tokentext>
<sentencetext>I've used the service 3 times...guess how many times I've set/reset my "Verified by Visa" password.
Rather than allow for a secure password(8+ characters, alpha-numeric-symbol) I am limited to 6 digits and remember yet another non-standard password?
Might as well throw a captcha AND a question to doubly verify I am not a bot, too.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939456</id>
	<title>Re:Lol</title>
	<author>Kamokazi</author>
	<datestamp>1264711440000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext>I used my Visa instead of my usual MC on Newegg for a Christmas gift and it came up for the first time ever.  I closed the widow intending to buy it on my MC instead, but the payment still went through.  2 days later I got a call from the Visa fraud department...haha.  I told the lady the verified thing was a bullshit pain in the ass and she let me on my way.  Haven't used my Visa since.</htmltext>
<tokenext>I used my Visa instead of my usual MC on Newegg for a Christmas gift and it came up for the first time ever .
I closed the widow intending to buy it on my MC instead , but the payment still went through .
2 days later I got a call from the Visa fraud department...haha .
I told the lady the verified thing was a bullshit pain in the ass and she let me on my way .
Have n't used my Visa since .</tokentext>
<sentencetext>I used my Visa instead of my usual MC on Newegg for a Christmas gift and it came up for the first time ever.
I closed the widow intending to buy it on my MC instead, but the payment still went through.
2 days later I got a call from the Visa fraud department...haha.
I told the lady the verified thing was a bullshit pain in the ass and she let me on my way.
Haven't used my Visa since.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939260</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30941170</id>
	<title>Activation During Shopping</title>
	<author>epine</author>
	<datestamp>1264673220000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><p>My GF's great-grandmother passed away in November.  She was very close.</p><p>Weepy GF gets onto the web site of a regional Canadian carrier that prides itself on its customer service, selects her flight, and begins to fill out the VISA information.  After filling out most of the information she clicks "continue" and *bam* up comes VISA's activation during shopping page (ADS) with a giant "I agree" button under inscrutable masses of legal fine print.  She is in a fine state of mind for clicking her life away.</p><p>This happens right in the middle of the transaction, with no advance warning.  Not on the page before she began filling out the details: <i>to complete this transaction with your VISA card, you will be obligated to click "I agree" to the ADS terms of service, which shifts VISA's liability onto your shoulders and plays havoc with established web security practices and altogether makes the world a shittier place</i>.</p><p>All of this under the commercial maxim that instant gratification == learned helplessness.  Your average user will blindly click anything during gratification interruptus.</p><p>As it happens, my red-eyed GF muttered out loud "WTF is this?".  It took me about 30s to get past "HF those sleezy MFs".  Then I told her to slam down the virtual circuit on her half-completed web page transaction and start the transaction over again using an aging circuit-switched technology far less suited to rights erosion, and also more expensive for the airline to provide.  Real human at the other end.  What a PITA.</p><p>Brilliant lose-lose for everyone involved.</p><p>Two of the links I recorded checked this out:<br><a href="http://www.links.org/?p=591" title="links.org">Links More Banking Stupidity: Phished by Visa</a> [links.org]<br><a href="http://www.boingboing.net/2009/03/28/verified-by-visa-bri.html" title="boingboing.net">Verified by Visa: British banks phish their own customers - Boing Boing</a> [boingboing.net]</p><p>Redacted portions of an online TOS from a large Canadian bank which has since gone 404.</p><p><div class="quote"><p>You agree not to: modify, adapt, sub-license, translate, sell, reverse engineer, decompile or disassemble any portion of the Verified by Visa Website or service or the software used in connection with Verified by Visa.</p><p>You agree to immediately notify us by contacting us, as we require in our cardholder agreement with you for a lost or stolen card of any unauthorized use of your password or other verification information, or any other breach of security. <b>You will be liable for any unauthorized activity involving use of your password or Activation Data, until we receive such notice.</b></p> </div><p> <b>Answer me this, Batman</b>:</p><p><tt>How is one supposed to notify the bank that you've lost control over the password, when you lose control to a phishing widget embedded in a concealed iFrame?</tt></p><p>I wrote that riddle back in November, and I'm no closer now to coming up with the solution.  FWIW, this agreement is probably less egregious than the one that came up under ADS, from a different major Canadian bank.  Bonus marks for completing this task <b>without first discovering how the service works</b> which violates your TOS.</p><p>This whole thing makes me seriously limbic.</p><p><a href="http://www.ted.com/talks/larry\_lessig\_says\_the\_law\_is\_strangling\_creativity.html" title="ted.com">Larry Lessig on laws that choke creativity</a> [ted.com] </p><p><div class="quote"><p>And on the other side, among our kids, there's a growing copyright abolitionism, a generation that rejects the very notion of what copyright is supposed to do, rejects copyright and believes that <b>the law is nothing more than an ass to be ignored and to be fought at every opportunity</b> possible. The extremism on one side begets extremism on the other, a fact we should have learned many, many times over, and both extremes in this debate are just wrong.</p></div><p>For the good of society, the law ought not to be an ass, and the VISA company ought to not be pushing the matter like a used car salesman at the helm of an invincible glass castle.</p></div>
	</htmltext>
<tokenext>My GF 's great-grandmother passed away in November .
She was very close.Weepy GF gets onto the web site of a regional Canadian carrier that prides itself on its customer service , selects her flight , and begins to fill out the VISA information .
After filling out most of the information she clicks " continue " and * bam * up comes VISA 's activation during shopping page ( ADS ) with a giant " I agree " button under inscrutable masses of legal fine print .
She is in a fine state of mind for clicking her life away.This happens right in the middle of the transaction , with no advance warning .
Not on the page before she began filling out the details : to complete this transaction with your VISA card , you will be obligated to click " I agree " to the ADS terms of service , which shifts VISA 's liability onto your shoulders and plays havoc with established web security practices and altogether makes the world a shittier place.All of this under the commercial maxim that instant gratification = = learned helplessness .
Your average user will blindly click anything during gratification interruptus.As it happens , my red-eyed GF muttered out loud " WTF is this ? " .
It took me about 30s to get past " HF those sleezy MFs " .
Then I told her to slam down the virtual circuit on her half-completed web page transaction and start the transaction over again using an aging circuit-switched technology far less suited to rights erosion , and also more expensive for the airline to provide .
Real human at the other end .
What a PITA.Brilliant lose-lose for everyone involved.Two of the links I recorded checked this out : Links More Banking Stupidity : Phished by Visa [ links.org ] Verified by Visa : British banks phish their own customers - Boing Boing [ boingboing.net ] Redacted portions of an online TOS from a large Canadian bank which has since gone 404.You agree not to : modify , adapt , sub-license , translate , sell , reverse engineer , decompile or disassemble any portion of the Verified by Visa Website or service or the software used in connection with Verified by Visa.You agree to immediately notify us by contacting us , as we require in our cardholder agreement with you for a lost or stolen card of any unauthorized use of your password or other verification information , or any other breach of security .
You will be liable for any unauthorized activity involving use of your password or Activation Data , until we receive such notice .
Answer me this , Batman : How is one supposed to notify the bank that you 've lost control over the password , when you lose control to a phishing widget embedded in a concealed iFrame ? I wrote that riddle back in November , and I 'm no closer now to coming up with the solution .
FWIW , this agreement is probably less egregious than the one that came up under ADS , from a different major Canadian bank .
Bonus marks for completing this task without first discovering how the service works which violates your TOS.This whole thing makes me seriously limbic.Larry Lessig on laws that choke creativity [ ted.com ] And on the other side , among our kids , there 's a growing copyright abolitionism , a generation that rejects the very notion of what copyright is supposed to do , rejects copyright and believes that the law is nothing more than an ass to be ignored and to be fought at every opportunity possible .
The extremism on one side begets extremism on the other , a fact we should have learned many , many times over , and both extremes in this debate are just wrong.For the good of society , the law ought not to be an ass , and the VISA company ought to not be pushing the matter like a used car salesman at the helm of an invincible glass castle .</tokentext>
<sentencetext>My GF's great-grandmother passed away in November.
She was very close.Weepy GF gets onto the web site of a regional Canadian carrier that prides itself on its customer service, selects her flight, and begins to fill out the VISA information.
After filling out most of the information she clicks "continue" and *bam* up comes VISA's activation during shopping page (ADS) with a giant "I agree" button under inscrutable masses of legal fine print.
She is in a fine state of mind for clicking her life away.This happens right in the middle of the transaction, with no advance warning.
Not on the page before she began filling out the details: to complete this transaction with your VISA card, you will be obligated to click "I agree" to the ADS terms of service, which shifts VISA's liability onto your shoulders and plays havoc with established web security practices and altogether makes the world a shittier place.All of this under the commercial maxim that instant gratification == learned helplessness.
Your average user will blindly click anything during gratification interruptus.As it happens, my red-eyed GF muttered out loud "WTF is this?".
It took me about 30s to get past "HF those sleezy MFs".
Then I told her to slam down the virtual circuit on her half-completed web page transaction and start the transaction over again using an aging circuit-switched technology far less suited to rights erosion, and also more expensive for the airline to provide.
Real human at the other end.
What a PITA.Brilliant lose-lose for everyone involved.Two of the links I recorded checked this out:Links More Banking Stupidity: Phished by Visa [links.org]Verified by Visa: British banks phish their own customers - Boing Boing [boingboing.net]Redacted portions of an online TOS from a large Canadian bank which has since gone 404.You agree not to: modify, adapt, sub-license, translate, sell, reverse engineer, decompile or disassemble any portion of the Verified by Visa Website or service or the software used in connection with Verified by Visa.You agree to immediately notify us by contacting us, as we require in our cardholder agreement with you for a lost or stolen card of any unauthorized use of your password or other verification information, or any other breach of security.
You will be liable for any unauthorized activity involving use of your password or Activation Data, until we receive such notice.
Answer me this, Batman:How is one supposed to notify the bank that you've lost control over the password, when you lose control to a phishing widget embedded in a concealed iFrame?I wrote that riddle back in November, and I'm no closer now to coming up with the solution.
FWIW, this agreement is probably less egregious than the one that came up under ADS, from a different major Canadian bank.
Bonus marks for completing this task without first discovering how the service works which violates your TOS.This whole thing makes me seriously limbic.Larry Lessig on laws that choke creativity [ted.com] And on the other side, among our kids, there's a growing copyright abolitionism, a generation that rejects the very notion of what copyright is supposed to do, rejects copyright and believes that the law is nothing more than an ass to be ignored and to be fought at every opportunity possible.
The extremism on one side begets extremism on the other, a fact we should have learned many, many times over, and both extremes in this debate are just wrong.For the good of society, the law ought not to be an ass, and the VISA company ought to not be pushing the matter like a used car salesman at the helm of an invincible glass castle.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939316</id>
	<title>Re:Lol</title>
	<author>satoshi1</author>
	<datestamp>1264711080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>That's probably what people will fail to realize as they start commenting on this article.</htmltext>
<tokenext>That 's probably what people will fail to realize as they start commenting on this article .</tokentext>
<sentencetext>That's probably what people will fail to realize as they start commenting on this article.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939260</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30955604</id>
	<title>Re:Lol</title>
	<author>jecblackpepper</author>
	<datestamp>1264761840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Verified-by-Visa is intended to be a card holder authentication step. If you cancel then all that means is that the merchant hasn't authenticated the card holder and they can decide to take the risk themselves and rely instead on other fraud checks.</htmltext>
<tokenext>Verified-by-Visa is intended to be a card holder authentication step .
If you cancel then all that means is that the merchant has n't authenticated the card holder and they can decide to take the risk themselves and rely instead on other fraud checks .</tokentext>
<sentencetext>Verified-by-Visa is intended to be a card holder authentication step.
If you cancel then all that means is that the merchant hasn't authenticated the card holder and they can decide to take the risk themselves and rely instead on other fraud checks.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940032</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940900</id>
	<title>Re:Lol</title>
	<author>Anonymous</author>
	<datestamp>1264672440000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext><p>I mis-guessed my verified-by-visa password multiple times on a newegg order and then gave up.  The payment went through.</p><p>It reminds me of [insider knowledge, that's why I'm posting AC] something my state's unemployment system is about to implement.  They're going to have a voice system where people can call in, change what bank account their claims will go into, etc.  Of course, to do this, the claimant needs to know their PIN.  If they don't know their PIN, though, they can reset their PIN to anything they want, without verifying their identity in any way.  If you know someone's SSN, you can have their payments go to you, without knowing anything else.  So what's the PIN for?</p></htmltext>
<tokenext>I mis-guessed my verified-by-visa password multiple times on a newegg order and then gave up .
The payment went through.It reminds me of [ insider knowledge , that 's why I 'm posting AC ] something my state 's unemployment system is about to implement .
They 're going to have a voice system where people can call in , change what bank account their claims will go into , etc .
Of course , to do this , the claimant needs to know their PIN .
If they do n't know their PIN , though , they can reset their PIN to anything they want , without verifying their identity in any way .
If you know someone 's SSN , you can have their payments go to you , without knowing anything else .
So what 's the PIN for ?</tokentext>
<sentencetext>I mis-guessed my verified-by-visa password multiple times on a newegg order and then gave up.
The payment went through.It reminds me of [insider knowledge, that's why I'm posting AC] something my state's unemployment system is about to implement.
They're going to have a voice system where people can call in, change what bank account their claims will go into, etc.
Of course, to do this, the claimant needs to know their PIN.
If they don't know their PIN, though, they can reset their PIN to anything they want, without verifying their identity in any way.
If you know someone's SSN, you can have their payments go to you, without knowing anything else.
So what's the PIN for?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940032</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30946608</id>
	<title>I *really* switched credit cards</title>
	<author>rdebath</author>
	<datestamp>1264796100000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>
That's the whole reason I got an Amex card.
</p><p>
Of course now I do well over 90\% of my offline card transactions with Amex too.
</p><p>
Shame.</p></htmltext>
<tokenext>That 's the whole reason I got an Amex card .
Of course now I do well over 90 \ % of my offline card transactions with Amex too .
Shame .</tokentext>
<sentencetext>
That's the whole reason I got an Amex card.
Of course now I do well over 90\% of my offline card transactions with Amex too.
Shame.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939374</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940544</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>rickb928</author>
	<datestamp>1264671480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Sometimes it's called risk avoidance, sometimes risk sharing, sometimes risk transfer.</p><p>It isn't sharing believe me.  Wherever possible, processors and issuers will try to palm the risk off on the merchant, or the customer.</p><p>While fraud prevention is a massive issue, there is no sure method to detect it.  And online merchants suffer both more fraud and more penalties.  They often pay higher fees to cover the inevitable fraud expenses.</p><p>Even address verification is not enough.  I'm not signing up for this, it means nothing yet.</p></htmltext>
<tokenext>Sometimes it 's called risk avoidance , sometimes risk sharing , sometimes risk transfer.It is n't sharing believe me .
Wherever possible , processors and issuers will try to palm the risk off on the merchant , or the customer.While fraud prevention is a massive issue , there is no sure method to detect it .
And online merchants suffer both more fraud and more penalties .
They often pay higher fees to cover the inevitable fraud expenses.Even address verification is not enough .
I 'm not signing up for this , it means nothing yet .</tokentext>
<sentencetext>Sometimes it's called risk avoidance, sometimes risk sharing, sometimes risk transfer.It isn't sharing believe me.
Wherever possible, processors and issuers will try to palm the risk off on the merchant, or the customer.While fraud prevention is a massive issue, there is no sure method to detect it.
And online merchants suffer both more fraud and more penalties.
They often pay higher fees to cover the inevitable fraud expenses.Even address verification is not enough.
I'm not signing up for this, it means nothing yet.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30942712</id>
	<title>Here is the original paper</title>
	<author>Anonymous</author>
	<datestamp>1264678440000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The link in TFA is broken.</p><p>Here is the original paper:</p><p><a href="http://www.cl.cam.ac.uk/~rja14/Papers/fc10vbvsecurecode.pdf" title="cam.ac.uk" rel="nofollow">http://www.cl.cam.ac.uk/~rja14/Papers/fc10vbvsecurecode.pdf</a> [cam.ac.uk]</p></htmltext>
<tokenext>The link in TFA is broken.Here is the original paper : http : //www.cl.cam.ac.uk/ ~ rja14/Papers/fc10vbvsecurecode.pdf [ cam.ac.uk ]</tokentext>
<sentencetext>The link in TFA is broken.Here is the original paper:http://www.cl.cam.ac.uk/~rja14/Papers/fc10vbvsecurecode.pdf [cam.ac.uk]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940300</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>Anonymous</author>
	<datestamp>1264670880000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext>Always call your bank / credit card company before going abroad. It will save you hassle especially if you don't travel. Anything that appears to be out of the ordinary will get questioned.</htmltext>
<tokenext>Always call your bank / credit card company before going abroad .
It will save you hassle especially if you do n't travel .
Anything that appears to be out of the ordinary will get questioned .</tokentext>
<sentencetext>Always call your bank / credit card company before going abroad.
It will save you hassle especially if you don't travel.
Anything that appears to be out of the ordinary will get questioned.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939568</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940146</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>Anonymous</author>
	<datestamp>1264670460000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext><p>You mean your VbV system doesn't use an RSA token as part of the logon? How silly.<br>(I use the same one for online banking and VbV - not entirely sure how that's set up, but it does seem like a step up from password-only.)</p></htmltext>
<tokenext>You mean your VbV system does n't use an RSA token as part of the logon ?
How silly .
( I use the same one for online banking and VbV - not entirely sure how that 's set up , but it does seem like a step up from password-only .
)</tokentext>
<sentencetext>You mean your VbV system doesn't use an RSA token as part of the logon?
How silly.
(I use the same one for online banking and VbV - not entirely sure how that's set up, but it does seem like a step up from password-only.
)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940706</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>steelfood</author>
	<datestamp>1264671900000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext><p>Plane ticket: $350<br>Hotel room for 5 nights: $500<br>Rental car for 6 days: $200<br>Broadway show tickets for two: $300<br>Finding out your VISA card doesn't work but your Master Card does: priceless.</p></htmltext>
<tokenext>Plane ticket : $ 350Hotel room for 5 nights : $ 500Rental car for 6 days : $ 200Broadway show tickets for two : $ 300Finding out your VISA card does n't work but your Master Card does : priceless .</tokentext>
<sentencetext>Plane ticket: $350Hotel room for 5 nights: $500Rental car for 6 days: $200Broadway show tickets for two: $300Finding out your VISA card doesn't work but your Master Card does: priceless.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939568</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30944176</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>ivucica</author>
	<datestamp>1264686480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>Bit like the <b>DNA-as-evidence</b>  which is a similar joke. If I can plant
your <b>DNA or your fingerprint</b>, I can go killing as you and good luck
trying to explain that to the Police.</p></div></blockquote><p>

FTFY.</p></div>
	</htmltext>
<tokenext>Bit like the DNA-as-evidence which is a similar joke .
If I can plant your DNA or your fingerprint , I can go killing as you and good luck trying to explain that to the Police .
FTFY .</tokentext>
<sentencetext>Bit like the DNA-as-evidence  which is a similar joke.
If I can plant
your DNA or your fingerprint, I can go killing as you and good luck
trying to explain that to the Police.
FTFY.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940090</id>
	<title>Re:Lol</title>
	<author>m.dillon</author>
	<datestamp>1264670280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Well, VbV's security issues are a problem for Visa to solve.  It's great for merchants who sell high-priced items (like NewEgg, camera stores, etc).  Many smaller merchants who had to go through a whole back-and-forth thing with the customer and credit card company before (for large, expensive orders) can now just use VbV for the same high-priced purchase instead.  Higher volume merchants like NewEgg can streamline their credit checks with VbV and even allow shipments to addresses other than the billing address.</p><p>I'm not sure why people are saying that it transfers liability to the customer, it doesn't.  The liability is transfered from the merchant to the Visa (well, actually the issuing bank I think).  Customers are not liable for fraudulent use of a credit card by VbV or anything else.</p><p>-Matt</p></htmltext>
<tokenext>Well , VbV 's security issues are a problem for Visa to solve .
It 's great for merchants who sell high-priced items ( like NewEgg , camera stores , etc ) .
Many smaller merchants who had to go through a whole back-and-forth thing with the customer and credit card company before ( for large , expensive orders ) can now just use VbV for the same high-priced purchase instead .
Higher volume merchants like NewEgg can streamline their credit checks with VbV and even allow shipments to addresses other than the billing address.I 'm not sure why people are saying that it transfers liability to the customer , it does n't .
The liability is transfered from the merchant to the Visa ( well , actually the issuing bank I think ) .
Customers are not liable for fraudulent use of a credit card by VbV or anything else.-Matt</tokentext>
<sentencetext>Well, VbV's security issues are a problem for Visa to solve.
It's great for merchants who sell high-priced items (like NewEgg, camera stores, etc).
Many smaller merchants who had to go through a whole back-and-forth thing with the customer and credit card company before (for large, expensive orders) can now just use VbV for the same high-priced purchase instead.
Higher volume merchants like NewEgg can streamline their credit checks with VbV and even allow shipments to addresses other than the billing address.I'm not sure why people are saying that it transfers liability to the customer, it doesn't.
The liability is transfered from the merchant to the Visa (well, actually the issuing bank I think).
Customers are not liable for fraudulent use of a credit card by VbV or anything else.-Matt</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939260</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939568</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>Anonymous</author>
	<datestamp>1264711740000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>5</modscore>
	<htmltext><p>My Visa card was declined constantly when I was over in the States (from the UK) on business.  I phoned my bank and they said it was declined because a chip and pin device wasn't used.  Of course it wasn't - they don't have chip and pin in the states.  So my Visa card is useless abroad?  No matter - I had a Mastercard, which worked perfectly.  No prizes for guessing which I'll be using in future.</p></htmltext>
<tokenext>My Visa card was declined constantly when I was over in the States ( from the UK ) on business .
I phoned my bank and they said it was declined because a chip and pin device was n't used .
Of course it was n't - they do n't have chip and pin in the states .
So my Visa card is useless abroad ?
No matter - I had a Mastercard , which worked perfectly .
No prizes for guessing which I 'll be using in future .</tokentext>
<sentencetext>My Visa card was declined constantly when I was over in the States (from the UK) on business.
I phoned my bank and they said it was declined because a chip and pin device wasn't used.
Of course it wasn't - they don't have chip and pin in the states.
So my Visa card is useless abroad?
No matter - I had a Mastercard, which worked perfectly.
No prizes for guessing which I'll be using in future.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30951952</id>
	<title>Re:Lol</title>
	<author>osmosium</author>
	<datestamp>1264790100000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>I know what you mean about Newegg.  But heres a tip:  When you get to the "Verified by Visa" after placing your order w/Newegg, just ignore it.  Its meaningless, it doesnt work, and if you ignore it, your order will go through anyway.</htmltext>
<tokenext>I know what you mean about Newegg .
But heres a tip : When you get to the " Verified by Visa " after placing your order w/Newegg , just ignore it .
Its meaningless , it doesnt work , and if you ignore it , your order will go through anyway .</tokentext>
<sentencetext>I know what you mean about Newegg.
But heres a tip:  When you get to the "Verified by Visa" after placing your order w/Newegg, just ignore it.
Its meaningless, it doesnt work, and if you ignore it, your order will go through anyway.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940120</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939322</id>
	<title>Re:Lol</title>
	<author>Anonymous</author>
	<datestamp>1264711080000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>5</modscore>
	<htmltext>It's not.  I tried making a purchase on newegg, got the the Verified by Visa page, but the frame didn't show anything.  Assuming that the purchase wouldn't go through, I tried making the same purchase on my other computer.  Frame loaded, entered password, purchase went through.  However, the first purchase went through, even though I never entered the password for that one.  So yeah, I'm guessing it doesn't really do anything to protect you.</htmltext>
<tokenext>It 's not .
I tried making a purchase on newegg , got the the Verified by Visa page , but the frame did n't show anything .
Assuming that the purchase would n't go through , I tried making the same purchase on my other computer .
Frame loaded , entered password , purchase went through .
However , the first purchase went through , even though I never entered the password for that one .
So yeah , I 'm guessing it does n't really do anything to protect you .</tokentext>
<sentencetext>It's not.
I tried making a purchase on newegg, got the the Verified by Visa page, but the frame didn't show anything.
Assuming that the purchase wouldn't go through, I tried making the same purchase on my other computer.
Frame loaded, entered password, purchase went through.
However, the first purchase went through, even though I never entered the password for that one.
So yeah, I'm guessing it doesn't really do anything to protect you.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939260</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940418</id>
	<title>You don't even need the password</title>
	<author>beneppel</author>
	<datestamp>1264671180000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext>I recently forgot my verified by visa password - the only security question it asked me that wasn't printed on the card was my date of birth - it's not the first time I've had to reset my password, and each time the question is the same. That means if somebody has my card, all they need to know is my date of birth, and they can reset my 3DS password easily.</htmltext>
<tokenext>I recently forgot my verified by visa password - the only security question it asked me that was n't printed on the card was my date of birth - it 's not the first time I 've had to reset my password , and each time the question is the same .
That means if somebody has my card , all they need to know is my date of birth , and they can reset my 3DS password easily .</tokentext>
<sentencetext>I recently forgot my verified by visa password - the only security question it asked me that wasn't printed on the card was my date of birth - it's not the first time I've had to reset my password, and each time the question is the same.
That means if somebody has my card, all they need to know is my date of birth, and they can reset my 3DS password easily.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30942898</id>
	<title>Same company</title>
	<author>Anonymous</author>
	<datestamp>1264679160000</datestamp>
	<modclass>None</modclass>
	<modscore>-1</modscore>
	<htmltext><p>You realize that Visa &amp; Mastercard are the same company... right?  I guess they still operate somewhat independently, though.</p></htmltext>
<tokenext>You realize that Visa &amp; Mastercard are the same company... right ? I guess they still operate somewhat independently , though .</tokentext>
<sentencetext>You realize that Visa &amp; Mastercard are the same company... right?  I guess they still operate somewhat independently, though.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939568</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308</id>
	<title>Welcome to 3 years ago</title>
	<author>rnicey</author>
	<datestamp>1264711020000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext><p>I'm in the high risk card not present industry and if it wasn't so painful it'd be funny how bad it is.</p><p>3DS solves problems for Visa and nobody else. It transfers the liability from the merchant to the customer. No more 'it wasn't me'.</p><p>Only problem is, it's crap.</p><p>Bit like the chip and pin problem in the UK which is a similar joke. If I can get your card and your pin I can go shopping as you and good luck trying to explain that to the bank.</p><p>If I can fool you into giving me your 3DS password somehow, I can shop online as you with great false trust, and the merchants don't care because they're protected. Kind of.</p><p>Most merchants refuse to deploy it anyhow unless forced. It causes a 5-8\% immediate drop in throughput. I wouldn't use a site that used it either.</p></htmltext>
<tokenext>I 'm in the high risk card not present industry and if it was n't so painful it 'd be funny how bad it is.3DS solves problems for Visa and nobody else .
It transfers the liability from the merchant to the customer .
No more 'it was n't me'.Only problem is , it 's crap.Bit like the chip and pin problem in the UK which is a similar joke .
If I can get your card and your pin I can go shopping as you and good luck trying to explain that to the bank.If I can fool you into giving me your 3DS password somehow , I can shop online as you with great false trust , and the merchants do n't care because they 're protected .
Kind of.Most merchants refuse to deploy it anyhow unless forced .
It causes a 5-8 \ % immediate drop in throughput .
I would n't use a site that used it either .</tokentext>
<sentencetext>I'm in the high risk card not present industry and if it wasn't so painful it'd be funny how bad it is.3DS solves problems for Visa and nobody else.
It transfers the liability from the merchant to the customer.
No more 'it wasn't me'.Only problem is, it's crap.Bit like the chip and pin problem in the UK which is a similar joke.
If I can get your card and your pin I can go shopping as you and good luck trying to explain that to the bank.If I can fool you into giving me your 3DS password somehow, I can shop online as you with great false trust, and the merchants don't care because they're protected.
Kind of.Most merchants refuse to deploy it anyhow unless forced.
It causes a 5-8\% immediate drop in throughput.
I wouldn't use a site that used it either.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940408</id>
	<title>Of Course It's Insecure!</title>
	<author>Spiffy</author>
	<datestamp>1264671120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>If somebody puts a keylogger on your Windows box, they'll get what they need no matter how many passwords you are required to type. Adding another password to the stack adds zero security; it just makes it easier for the credit card company to claim you are truly responsible for the transaction. <i>"It can't possibly be fraudulent--it was Verified by Visa(TM)!"</i> </p><p>I try to avoid doing business with anyone who requires me to go through VbV. I know it's not there to protect <strong>me</strong>.</p></htmltext>
<tokenext>If somebody puts a keylogger on your Windows box , they 'll get what they need no matter how many passwords you are required to type .
Adding another password to the stack adds zero security ; it just makes it easier for the credit card company to claim you are truly responsible for the transaction .
" It ca n't possibly be fraudulent--it was Verified by Visa ( TM ) !
" I try to avoid doing business with anyone who requires me to go through VbV .
I know it 's not there to protect me .</tokentext>
<sentencetext>If somebody puts a keylogger on your Windows box, they'll get what they need no matter how many passwords you are required to type.
Adding another password to the stack adds zero security; it just makes it easier for the credit card company to claim you are truly responsible for the transaction.
"It can't possibly be fraudulent--it was Verified by Visa(TM)!
" I try to avoid doing business with anyone who requires me to go through VbV.
I know it's not there to protect me.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30948014</id>
	<title>Re:</title>
	<author>clint999</author>
	<datestamp>1264771800000</datestamp>
	<modclass>None</modclass>
	<modscore>-1</modscore>
	<htmltext><blockquote><div><p>I used my Visa instead of my usual MC on Newegg for a Christmas gift and it came up for the first time ever.  I closed the widow intending to buy it on my MC instead, but the payment still went through.  2 days later I got a call from the Visa fraud department...haha.  I told the lady the verified thing was a bull**** pain in the ass and she let me on my way.  Haven't used my Visa since.</p></div></blockquote></div>
	</htmltext>
<tokenext>I used my Visa instead of my usual MC on Newegg for a Christmas gift and it came up for the first time ever .
I closed the widow intending to buy it on my MC instead , but the payment still went through .
2 days later I got a call from the Visa fraud department...haha .
I told the lady the verified thing was a bull * * * * pain in the ass and she let me on my way .
Have n't used my Visa since .</tokentext>
<sentencetext>I used my Visa instead of my usual MC on Newegg for a Christmas gift and it came up for the first time ever.
I closed the widow intending to buy it on my MC instead, but the payment still went through.
2 days later I got a call from the Visa fraud department...haha.
I told the lady the verified thing was a bull**** pain in the ass and she let me on my way.
Haven't used my Visa since.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30944372</id>
	<title>Not only insecure, WORTHLESS</title>
	<author>macbuzz01</author>
	<datestamp>1264687860000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I recently made a purchase through newegg.com.  Used my trusty VISA, was redirected to the VbyV site, realized I didn't know my password, clicked cancel and figured the transaction was done when I canceled out of the VbyV.  Got my Discover and completed the transaction.  Low and behold, what shows up in my email, but two tracking numbers for identical shipments with both my Visa and Discover getting charged!  <br>After some investigating with both newegg and my bank, turns out that the merchant can choose what to do when they get a failed VbyV transaction.  <br> <br>Talk about a perfect "no it's their fault" situation  <br> <br>Next on "security theater"...</htmltext>
<tokenext>I recently made a purchase through newegg.com .
Used my trusty VISA , was redirected to the VbyV site , realized I did n't know my password , clicked cancel and figured the transaction was done when I canceled out of the VbyV .
Got my Discover and completed the transaction .
Low and behold , what shows up in my email , but two tracking numbers for identical shipments with both my Visa and Discover getting charged !
After some investigating with both newegg and my bank , turns out that the merchant can choose what to do when they get a failed VbyV transaction .
Talk about a perfect " no it 's their fault " situation Next on " security theater " .. .</tokentext>
<sentencetext>I recently made a purchase through newegg.com.
Used my trusty VISA, was redirected to the VbyV site, realized I didn't know my password, clicked cancel and figured the transaction was done when I canceled out of the VbyV.
Got my Discover and completed the transaction.
Low and behold, what shows up in my email, but two tracking numbers for identical shipments with both my Visa and Discover getting charged!
After some investigating with both newegg and my bank, turns out that the merchant can choose what to do when they get a failed VbyV transaction.
Talk about a perfect "no it's their fault" situation   Next on "security theater"...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939664</id>
	<title>Re:Lol</title>
	<author>Anonymous</author>
	<datestamp>1264712100000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I placed an order at Newegg, got the verified by visa screen and noticed the amount had changed because newegg had adjusted the quantities in the previous screen and I didn't notice.</p><p>I hit cancel at the verified by visa but the order still went through and got charged for it. Bizarre.</p></htmltext>
<tokenext>I placed an order at Newegg , got the verified by visa screen and noticed the amount had changed because newegg had adjusted the quantities in the previous screen and I did n't notice.I hit cancel at the verified by visa but the order still went through and got charged for it .
Bizarre .</tokentext>
<sentencetext>I placed an order at Newegg, got the verified by visa screen and noticed the amount had changed because newegg had adjusted the quantities in the previous screen and I didn't notice.I hit cancel at the verified by visa but the order still went through and got charged for it.
Bizarre.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939260</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30943658</id>
	<title>Doesn't work the same with all banks</title>
	<author>the\_arrow</author>
	<datestamp>1264683180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>While some of the problems exist for me, some others don't. For example it is shown in an iframe, but I don't enter a simple password. Instead my bank have a challenge-reply system, where I need physical access to my card, know it's pin-code, know my personal number (Swedens version of social security number) and use a special device given out by the bank. Yes, the iframe can still be hijacked, but all the hijacker will know is my personal number, and a one time code (which is generated differently from the one used to log into the bank, which is different from the one used to sign bills and transfers).</p></htmltext>
<tokenext>While some of the problems exist for me , some others do n't .
For example it is shown in an iframe , but I do n't enter a simple password .
Instead my bank have a challenge-reply system , where I need physical access to my card , know it 's pin-code , know my personal number ( Swedens version of social security number ) and use a special device given out by the bank .
Yes , the iframe can still be hijacked , but all the hijacker will know is my personal number , and a one time code ( which is generated differently from the one used to log into the bank , which is different from the one used to sign bills and transfers ) .</tokentext>
<sentencetext>While some of the problems exist for me, some others don't.
For example it is shown in an iframe, but I don't enter a simple password.
Instead my bank have a challenge-reply system, where I need physical access to my card, know it's pin-code, know my personal number (Swedens version of social security number) and use a special device given out by the bank.
Yes, the iframe can still be hijacked, but all the hijacker will know is my personal number, and a one time code (which is generated differently from the one used to log into the bank, which is different from the one used to sign bills and transfers).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940672</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>Anonymous</author>
	<datestamp>1264671840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>As a buyer, I refuse to do business with any company that I haven't visited directly that doesn't take PayPal. I am not giving my credit card or bank account number directly to any establishment. While PayPal may get dinged for freezing money on sellers accounts, I'd say most of the freezes are put on scammy accounts rather than trustable accounts.</p><p>As a purchaser - it's PayPal or the Highway. It's not worth the risk to have to evaluate every single company for honesty. (And my neighbor works for PayPal, so if I ever encountered problems with them, he'd help. But so far zero problems with PayPal in a decade.) PayPal will intercede on my behalf if the company I'm buying from gives me a hard time, so it's the reverse of this situation - instead of 3DS transferring the liability to me, I'm instead transferring the liability to PayPal, so it's a total win for me.</p></htmltext>
<tokenext>As a buyer , I refuse to do business with any company that I have n't visited directly that does n't take PayPal .
I am not giving my credit card or bank account number directly to any establishment .
While PayPal may get dinged for freezing money on sellers accounts , I 'd say most of the freezes are put on scammy accounts rather than trustable accounts.As a purchaser - it 's PayPal or the Highway .
It 's not worth the risk to have to evaluate every single company for honesty .
( And my neighbor works for PayPal , so if I ever encountered problems with them , he 'd help .
But so far zero problems with PayPal in a decade .
) PayPal will intercede on my behalf if the company I 'm buying from gives me a hard time , so it 's the reverse of this situation - instead of 3DS transferring the liability to me , I 'm instead transferring the liability to PayPal , so it 's a total win for me .</tokentext>
<sentencetext>As a buyer, I refuse to do business with any company that I haven't visited directly that doesn't take PayPal.
I am not giving my credit card or bank account number directly to any establishment.
While PayPal may get dinged for freezing money on sellers accounts, I'd say most of the freezes are put on scammy accounts rather than trustable accounts.As a purchaser - it's PayPal or the Highway.
It's not worth the risk to have to evaluate every single company for honesty.
(And my neighbor works for PayPal, so if I ever encountered problems with them, he'd help.
But so far zero problems with PayPal in a decade.
) PayPal will intercede on my behalf if the company I'm buying from gives me a hard time, so it's the reverse of this situation - instead of 3DS transferring the liability to me, I'm instead transferring the liability to PayPal, so it's a total win for me.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940184</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>slimjim8094</author>
	<datestamp>1264670520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I wish we did. I've seen a few devices in the past year that were Chip and PIN (one was at a nearby CVS... can't remember the rest).</p><p>Still not sure how it's more secure than a normal magstripe. I guess you can't clone a chip so easily as a magstripe... but that's why I consider my plastic only slightly more "lose-able" than cash, and still keep it safe</p></htmltext>
<tokenext>I wish we did .
I 've seen a few devices in the past year that were Chip and PIN ( one was at a nearby CVS... ca n't remember the rest ) .Still not sure how it 's more secure than a normal magstripe .
I guess you ca n't clone a chip so easily as a magstripe... but that 's why I consider my plastic only slightly more " lose-able " than cash , and still keep it safe</tokentext>
<sentencetext>I wish we did.
I've seen a few devices in the past year that were Chip and PIN (one was at a nearby CVS... can't remember the rest).Still not sure how it's more secure than a normal magstripe.
I guess you can't clone a chip so easily as a magstripe... but that's why I consider my plastic only slightly more "lose-able" than cash, and still keep it safe</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939568</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30943834</id>
	<title>Re:RSA keyfobs in credit cards</title>
	<author>kafka47</author>
	<datestamp>1264684140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>
RSA Security has a 2-factor OTP device in a credit card form-factor. It is very slick.
</p></htmltext>
<tokenext>RSA Security has a 2-factor OTP device in a credit card form-factor .
It is very slick .</tokentext>
<sentencetext>
RSA Security has a 2-factor OTP device in a credit card form-factor.
It is very slick.
</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940916</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30948970</id>
	<title>Re:Welcome to 3 years ago</title>
	<author>jrumney</author>
	<datestamp>1264778640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>If I can fool you into giving me your 3DS password somehow</p></div></blockquote><p>
Why you you need to do that? Just click the "Forgot my Password" button and you can reset the password to whatever you want, using the same information you need to make the purchase plus one piece of information which can be looked up in public records.
</p></div>
	</htmltext>
<tokenext>If I can fool you into giving me your 3DS password somehow Why you you need to do that ?
Just click the " Forgot my Password " button and you can reset the password to whatever you want , using the same information you need to make the purchase plus one piece of information which can be looked up in public records .</tokentext>
<sentencetext>If I can fool you into giving me your 3DS password somehow
Why you you need to do that?
Just click the "Forgot my Password" button and you can reset the password to whatever you want, using the same information you need to make the purchase plus one piece of information which can be looked up in public records.

	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30946628</id>
	<title>Pradeep Chandar</title>
	<author>itpradeepchandar</author>
	<datestamp>1264796340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Insane Discussion<nobr> <wbr></nobr>.... None of the discussion is proving a point here... It is something Like Venus Project from Zeitgeist like discussing Democracy is Bad... Think thru the Other way around................</htmltext>
<tokenext>Insane Discussion .... None of the discussion is proving a point here... It is something Like Venus Project from Zeitgeist like discussing Democracy is Bad... Think thru the Other way around............... .</tokentext>
<sentencetext>Insane Discussion .... None of the discussion is proving a point here... It is something Like Venus Project from Zeitgeist like discussing Democracy is Bad... Think thru the Other way around................</sentencetext>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_43</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940098
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939260
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939664
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939260
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30945556
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30943342
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_36</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30951952
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940120
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939260
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30944976
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940408
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940672
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_42</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30941036
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940300
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939568
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30943160
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_33</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940176
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939376
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30969218
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30947046
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30941824
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_30</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939634
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30952514
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_31</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940184
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939568
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939322
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939260
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940706
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939568
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30944324
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939568
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940090
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939260
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939316
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939260
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_37</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30944518
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30941170
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30943834
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940916
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_41</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30947264
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30942216
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30943698
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939568
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30942898
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939568
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30947674
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939568
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_34</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940524
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940032
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939260
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30941794
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940544
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_40</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940648
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939568
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_35</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30948970
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940900
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940032
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939260
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939578
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30947206
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939376
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_32</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30948482
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939760
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30945438
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939568
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30944158
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_45</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940286
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939376
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30947366
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30941170
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30944176
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_38</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30955604
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940032
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939260
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30946608
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939374
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939456
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939260
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940146
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_44</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939500
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939260
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_28_195216_39</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30942310
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940120
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939260
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_28_195216.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939260
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939316
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939322
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939456
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940120
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30951952
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30942310
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939664
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940090
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940032
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30955604
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940900
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940524
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940098
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939500
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_28_195216.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939374
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30946608
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_28_195216.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30943342
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30945556
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_28_195216.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30941170
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30944518
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30947366
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_28_195216.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939308
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30969218
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30941824
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940146
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939578
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30952514
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30941794
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30942216
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30947264
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939760
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30948482
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30948970
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940672
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30943160
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30944158
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30944176
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30947046
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939634
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939568
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940300
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30941036
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30943698
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940184
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940648
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30942898
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30944324
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30947674
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30945438
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940706
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940544
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_28_195216.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30943658
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_28_195216.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940284
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_28_195216.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30943120
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_28_195216.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30939376
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30947206
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940176
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940286
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_28_195216.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940408
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30944976
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_28_195216.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30940916
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_28_195216.30943834
</commentlist>
</conversation>
