We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Verified by Visa
Options
GingerBob_3
Posts: 3,659 Forumite
Those clowns at First Direct have just forced me to sign up for VbV. The DVLA website previously hadn't implemented this stupidly insecure system but now they have, and VbV have removed the Cancel button on the second screen, which used to allow you to bypass the sign up after step 1. Is there an easy way to cancel this unwanted annoyance - other than changing banks? Like lose your card or something?
0
Comments
-
Please do tell how you think losing your card would remove the need to use VbV? If it really irks you, switch to Nationwide.0
-
Clowns.... stupid...
AFAIK, retailers that skip it if it is available take extra risk of chargeback. Why are they supposed to when card details get sold right left and centre? Or why is it FD that is supposed to share the extra risk with retailers?0 -
It's clear from every post of yours that I've seen that you have an agenda against banks. This is perfectly fine. Banks have been far from perfect and there are things that certainly warrant anger. This, however, is not one of them. I too find it annoying when asked for the details but it is an additional security step and it's there to stop money being stolen.
By and large it's the banks that foot the bill for online fraud so of course they're going to do what they can to reduce it. A byproduct is that money is less likely to be taken from your account thereby reducing the hassle that fraud would cause you.
I assume that there are non-internet options for paying the dvla. Perhaps that route would be better for you.0 -
I too find it annoying when asked for the details but it is an additional security step and it's there to stop money being stolen.
By and large it's the banks that foot the bill for online fraud so of course they're going to do what they can to reduce it. A byproduct is that money is less likely to be taken from your account thereby reducing the hassle that fraud would cause you.
Evidence that VbV stops fraud isn't available and it is not accurate to say that it makes it less likely for money to be taken from one's account. Many question the motives of the system as a route to pass responsibility away from the bank. And many phishing attacks masquerade as VbV.
I detest security by obscurity measures such as VbV and actively avoid banks that use such terrible measures. Use of the system is reducing as banks and retailers realise it turns away more profit than any reduction in loss.0 -
TSB doesnt enforce use of it online, it starts directing me to the measure but authorises the payment when VbV just throws it as cleared without the need for VbV password characters.SO... now England its the Scots turn to say dont leave the UK, stay in Europe with us in the UK, dont let the tories fool you like they did us with empty lies... You will be leaving the UK aswell as Europe
0 -
TheTracker wrote: »Evidence that VbV stops fraud isn't available and it is not accurate to say that it makes it less likely for money to be taken from one's account. Many question the motives of the system as a route to pass responsibility away from the bank. And many phishing attacks masquerade as VbV.
I detest security by obscurity measures such as VbV and actively avoid banks that use such terrible measures. Use of the system is reducing as banks and retailers realise it turns away more profit than any reduction in loss.
I haven't heard of phishing attacks masquerading as vbv. Is there much evidence of this?0 -
I haven't heard of phishing attacks masquerading as vbv. Is there much evidence of this?
Plenty.
https://www.getsafeonline.org/news/watch-out-for-verified-by-visa-scam-emails/
http://stopsign.com/blog/verified-by-visa-scam-how-to-spot-the-fake/#.Vv57WBMrIUE
http://www.v3.co.uk/v3-uk/news/2129718/trend-micro-warns-verified-visa-3ds-password-reset-flaw
Also see http://www.theregister.co.uk/2014/11/14/mastercard_visa_killing_off_password_auth/ Where systems like VbV are "disliked both by security experts, who argue it's easily circumvented by phishing attacks, and merchants, who say the scheme's only benefit is allowing banks to shift liability in the case of fraudulent payments. The long-standing criticism has been that schemes like Verified by Visa inconvenience users without offering increased security."
Perhaps the biggest criticism is that the VbV redirect screens actually look like phishing scams.
I usually 'reset' my password each time I'm forced to use it. In which case I just give basic card details, and a piece of personal information like my birthday which is widely retrievable.0 -
Okay so these are all variants of dodgy emails rather than at the point of sale. I'm not convinced that that makes the system inherantly bad. People who fall for phishing emails are people who fall for phishing emails. I don't mean any disrespect to anyone who gets scammed but I don't see that vbv makes the situation any worse.
It is indeed very easy to reset the password for these with common data but the scammer will need to know it. In some cases they will know but in others they won't. I stand by my comment that it is more difficult with this admittedly minor security in place than without.0 -
It is indeed very easy to reset the password for these with common data but the scammer will need to know it. In some cases they will know but in others they won't. I stand by my comment that it is more difficult with this admittedly minor security in place than without.
Because one can reset a VbyV password with card details and birthdate, and because any attacker would already have your card details, all they'd need is your birthday to reset your VbyV details and pass the VbyV check.
So in essence all VbyV does is check that the holder's birthdate is known. Birthdays are not difficult to discover. For example, I found quite quickly that your birthdate is February 27th.0 -
TheTracker wrote: »Because one can reset a VbyV password with card details and birthdate, and because any attacker would already have your card details, all they'd need is your birthday to reset your VbyV details and pass the VbyV check.
So in essence all VbyV does is check that the holder's birthdate is known. Birthdays are not difficult to discover. For example, I found quite quickly that your birthdate is February 27th.
It's been a while since I had to reset my vbv password but aren't postcodes also required?0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244K Work, Benefits & Business
- 599K Mortgages, Homes & Bills
- 176.9K Life & Family
- 257.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards