Feeds

RSA domain glitch derails UK online retailers

Unverified by Visa

Internet Security Threat Report 2014

RSA has apologised for a domain name registration glitch, which left clients of its securesuite.co.uk payment processing service unable to process payment as normal last Thursday.

Pizza purveyor Domino's, Dabs and others were hit by the snafu, which meant transactions either timed out or failed. In response to the problems, some online retailers disabled Verified by Visa on transactions that would normally be run through securesuite.co.uk.

RSA, which runs securesuite.co.uk through Cyota (a 2005 acquisition), at first denied knowledge of the glitch, insisting everything was fine with the domain. Initial checks suggested that the domain had expired after someone forgot to renew it. But a web-based system diagnostic tool that RSA uses gave the domain the all-clear.

"RSA is in the middle of updating all of its relevant domain names," the security vendor initially said. "In this particular case presented by The Register, the public WHOIS was not for some reason reflecting RSA's renewal, which has in fact already been processed.

"RSA is unaware of any service outages for our customers and have not received any complaints from card issuers, and all our diagnostics have passed."

However, further investigation, prompted by a request by El Reg to explain multiple independent reports of glitches, yielded the following response:

On 17 July, RSA 3D Secure within the United Kingdom was partially unavailable to certain customers and some transactions were delayed or blocked due to a domain name registration issue. The issue was identified and remedial action was taken. At the time, all Payment Card Issuers were immediately notified of a service interruption and they received continuous updates throughout until resolution.

The securesuite.co.uk is used to add 3D Secure protocol checks as an added layer of security to credit or debit card purchases and offered to consumers through such as the Verified by Visa and MasterCard SecureCode services. The online security and anti-fraud service has been mistaken for a phishing site in the past, but is (though it might appear otherwise) legitimate.

Reports of failed transactions involving securesuite.co.uk came to our attention thanks to Reg reader Martin N. "I first noticed something was wrong when I couldn't order a pizza from Dominos - who have now disabled their Verified by Visa stuff," he told us. "The site [securesuite.co.uk] is down because the site's domain is suspended. Somebody really messed up." ®

Internet Security Threat Report 2014

More from The Register

next story
Scrapping the Human Rights Act: What about privacy and freedom of expression?
Justice minister's attack to destroy ability to challenge state
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
4chan outraged by Emma Watson nudie photo leak SCAM
In the immortal words of Shaggy, it wasn't me us ... amirite?
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.