Verified by Visa - confused

usignuolo

Having just had the run around at Barclays call centre for the third time today, can someone explain to me

Do I need separate Verified by Visa passwords for my Barclaycard and Bank debit card?

agrinnall

Almost certainly - I have different ones for my Nationwide debit and credit cards (although they no longer use VbV). Although having said that, I can't see any reason why you wouldn't be able to set the passwords to the same value, unless VbV prevent it.

colesy

You don't need separate passwords.

mgdavid

colesy wrote: »

You don't need separate passwords.

exactly; VbV is one system, so you have one password.

agrinnall

mgdavid wrote: »

exactly; VbV is one system, so you have one password.

That makes no sense. Yes, it's one system, but you have a different login for each card. The fact that it's one system means that requiring different passwords for each login is more likely, not less, as VbV could enforce it if they really wanted to. I suspect colesy may well be right that they don't enforce it, but that's got nothing to do with it all being in one system.

GingerBob_3

VbV and the equivalents are rubbish! Avoid if you can. Don't sign up to them. You can overcome them by backing out of the compulsory sign up process once you've entered a valid postcode and DoB.

InsideInsurance

You will have 3D Secure on each of your cards. Its your choice if you pick the same password or different ones, they wont force you to have different ones, but they are independently set and maintained.

GingerBob_3

I wonder why they don't just implement the card PIN for online transactions?

InsideInsurance

GingerBob wrote: »

I wonder why they don't just implement the card PIN for online transactions?

As most wouldnt consider a 4 digit number to be secure enough on its own.

The only times you only use a pin number is in face to face transactions where you'd also have CCTV footage of the person making the transaction and you require the person to physically have the card with them

Online banking you need the card too as they use the cardreaders and not just the pin plus they use a number of behind the scene analysis to ensure its you.

MPH80

InsideInsurance wrote: »

As most wouldnt consider a 4 digit number to be secure enough on its own.

The only times you only use a pin number is in face to face transactions where you'd also have CCTV footage of the person making the transaction and you require the person to physically have the card with them

Online banking you need the card too as they use the cardreaders and not just the pin plus they use a number of behind the scene analysis to ensure its you.

Equally - in order to verify the card and the pin is present you need dedicated hardware. That hardware can be tampered with if it's not done securely (look at the side of most PIN devices - you'll see a tamper hologram).

So to implement the PIN security on the web - you'd have to roll out hardware to everyone with a card. Then you have to support the hardware when it doesn't work because of the broken USB/computer/laptop/operating system. Then you'd have to figure out which devices were genuine and which had been tampered with (involving a 2 way cryptographic exchange with the card via the pin device). Then you'd have to get every ecommerce outfit to change their checkout AGAIN (consider that a good number of sites still don't support VBV yet - and it's been going over 10 years now) ...

InsideInsurance

I suspect the proposal would be to effectively leave the VBV in place but replace passwords etc either as directly entering the pin or using the Sign or such on the existing Pin Sentry

Did see a prototype where the "PinSentry" was built into the card itself, was only a mill or two thicker than a normal card with a semi flexible LCD type panel built into it. Dont know what happened to that idea, guess production costs