We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Verified by Visa
Options
Comments
-
My gripe with this lot is that it's forced on you by the merchant under pressure from the bank, and it doesn't benefit you one iota.
This morning I was in a rush and had to pay car tax online. Previously DVLA hadn't implemented VbV and equivalents so I was looking towards a couple of minutes and job done. Not so! Just as I was about to complete the transaction and get on my way, up pops this compulsory registration screen and there's no way out of it. And yes, for all the world it could have been a phishing screen. Previously you could enter basic details on the first screen then cancel on the second. This time there was no opportunity to do so, and after entering further details, thinking there was another screen to confirm details or hopefully abandon the whole thing; No! "Congratulations. You are registered". The scumbags had essentially blagged me into signing up. Well boll**ks to them! I won't use that card any more.
There is a great deal of evidence that VbV is inherently insecure and at times has been known to cause a lot of difficulty with online purchases. The sooner the merchants see it for what it really is, the better.0 -
TheTracker wrote: »Because one can reset a VbyV password with card details and birthdate, and because any attacker would already have your card details, all they'd need is your birthday to reset your VbyV details and pass the VbyV check.
So in essence all VbyV does is check that the holder's birthdate is known. Birthdays are not difficult to discover. For example, I found quite quickly that your birthdate is February 27th.
When I worked in an open-plan office I knew most people's date of birth and other personal details - all because of this "we'll just take you through security" baloney.0 -
TheTracker wrote: »Plenty.
https://www.getsafeonline.org/news/watch-out-for-verified-by-visa-scam-emails/
http://stopsign.com/blog/verified-by-visa-scam-how-to-spot-the-fake/#.Vv57WBMrIUE
http://www.v3.co.uk/v3-uk/news/2129718/trend-micro-warns-verified-visa-3ds-password-reset-flaw
Also see http://www.theregister.co.uk/2014/11/14/mastercard_visa_killing_off_password_auth/ Where systems like VbV are "disliked both by security experts, who argue it's easily circumvented by phishing attacks, and merchants, who say the scheme's only benefit is allowing banks to shift liability in the case of fraudulent payments. The long-standing criticism has been that schemes like Verified by Visa inconvenience users without offering increased security."
Perhaps the biggest criticism is that the VbV redirect screens actually look like phishing scams.
I usually 'reset' my password each time I'm forced to use it. In which case I just give basic card details, and a piece of personal information like my birthday which is widely retrievable.
I agree, first used my TSB card on a website, I never heard of before. I took the preventative measures of googling and seeing info on legitimate websites I know well, all good, entered card details and the VbV box thing came up saying its usual bumf contacting bank then the payment says approved on a non VbV box onscreen that disappears. Happens everytime.
1) Why the need to show VbV box at all
2) It comes across really dodgy it starts loading the VbV box and logo but does not ever load VbV at all
I with RBS used to reset everytime, never know if a key logger is present
I think VbV and Mastercode should at least text and/or email the details your bank hold a code for VbV/Mcode when a card transaction is made, enter on screen and security check is actually that.
Given contactless the two procedures seem to be !!! and elbow in enhancement :rotfl: neither impress or reassure me as a consumer.
Its a publicity thing that punishes retailers who have to use these stupid moronic screens for little security gain and chargebacks, if TSB, Lloyds Group banks can call and set up a new payment via pin why cant process that be reversed to give a pin by registered email/text to input on VbV/Mcode for online transactions?
You cant shop online without internet so if the short expiry code VbV/Mcode cant come through on text as no signal, users defo have access to their email they have registered with the bank/card issuer.
If VbV/Mcode was health and safety (which security in this day and age should be) no way would a governmental dept would have signed off on a half slap bash attempt effort by Visa and Mastercard.SO... now England its the Scots turn to say dont leave the UK, stay in Europe with us in the UK, dont let the tories fool you like they did us with empty lies... You will be leaving the UK aswell as Europe0 -
TheTracker wrote: »and merchants, who say the scheme's only benefit is allowing banks to shift liability in the case of fraudulent payments.
This is not true, a merchant that uses Verified by Visa is protected against chargebacks. The system is there to protect the merchant and not the cardholder, contrary to popular belief.0 -
I think I know who the clown is here.......The questions that get the best answers are the questions that give most detail....0
-
Hellzapoppin wrote: »This is not true, a merchant that uses Verified by Visa is protected against chargebacks. The system is there to protect the merchant and not the cardholder, contrary to popular belief.
You read the quote wrong, which by way was not my comment but a quote from an article. The merchants are concerned about a shift of liability away from the banks at the cost of usability. And the shift is towards the cardholder, not the merchant, who as you say is a middleman.
Because as a merchant, you are concerned about anything that will cause less revenue/profit, and putting usability barriers to protect banks in the process of a consumer buying your produce or service is not good for business.
Anyway, as said earlier, banks are moving away from the folly of the scheme.0 -
-
The DVLA for being brow-beaten into accepting it?
The DVLA is full of third party sub contracted companies and their clowns, up there with Vodafone.SO... now England its the Scots turn to say dont leave the UK, stay in Europe with us in the UK, dont let the tories fool you like they did us with empty lies... You will be leaving the UK aswell as Europe0 -
TheTracker wrote: »You read the quote wrong, which by way was not my comment but a quote from an article. The merchants are concerned about a shift of liability away from the banks at the cost of usability. And the shift is towards the cardholder, not the merchant, who as you say is a middleman.
Because as a merchant, you are concerned about anything that will cause less revenue/profit, and putting usability barriers to protect banks in the process of a consumer buying your produce or service is not good for business.
Anyway, as said earlier, banks are moving away from the folly of the scheme.
The banks were not liable for the fraudulent transactions before Verified by Visa came about, the loss fell on the merchant. The scheme is not compulsory and retailer's that sign up to it do so to protect themselves from fraud.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.1K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244.1K Work, Benefits & Business
- 599K Mortgages, Homes & Bills
- 177K Life & Family
- 257.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards