Is It Really This Easy to Purchase Using Someone Elses Credit Card?

Pretty nearly.

Researchers at Cambridge University Computer Laboratory, have shown that Chip & Pin machines are not as secure as the banking industry claims.

Researchers have said that two widely deployed models fail to protect customers' card details and Pins adequately.

Disclosures on the alleged weaknesses in the security of the systems are due to be made on BBC 2's Newsnight this evening (26 February 2008).

The problem in general (can't say in particular for the Alliance and Leicester version) is that the "Verified by Visa" or however it's branded bits are incredibly badly written, don't work in many browsers and break accessible sites.

That means that any website that wants to be legal and comply with the DDA CANNOT use this functionality. Some bits of it do work with some browsers.

I quite often chose to use the "accessible" version of websites because it's often much quicker - for instance on the tesco website you can go all the way through the order process in lynx (without needing to touch a mouse) and then you get hobbled by the "verified by visa" bit and have to go back to the start with a different browser and start again.

I also consider any financially related website that doesn't _REQUIRE_ you to turn _OFF_ javascript is fundamentally broken security wise. (There is not one that I use that does require it to be turned off - although a few do work with javascript turned off most require it to be turned on although they might not tell you this)

Another peeve is the number of financial https websites that smother the page in .gif files instead of using text for various buttons. This makes the websites so slow when each time you click you get loading image 1 of 78 ... loading image 45 of 78 ... Tim.