3D Secure - Breaches

A national daily carried the regular half-page Ad from a leading private sector bank under its 'Customer Education' series titled 'Keep Your 3D Secure Passcode Secret'.

Here's the actual link to Ad.

It's been 12 months since 3D secure has been implemented across the board after being mandated by RBI and looks like already there have been enough breaches to necessitate this Ad. It had been pointed out through an earlier article "Additional Password for Online Credit Card Purchase" about the loopholes. The technology has been backed by leading card brands and also endorsed by RBI. However, the technology solution is pretty rudimentary and certainly not foolproof. You would wonder as to how and why such incomplete solutions are promoted even after realizing the scale of impact. It certainly can't be that these agencies do not have access to talent or that they aren't aware of better solutions. Irrespective of whether or not end-customers are protecting the information, there are ways and means to misuse because of the faulty solution. The system certainly needs to be fixed. Its better to spend money towards finding and implementing a better solution than scare customers and ultimately blame them for breaches.