The Old Verify By VISA

happyhacker

Some time ago (years?) one used to have to put in a pwd when that box came up when doing an online transaction. Now it comes up but does it automatically. It does this now when I purchase something. I keep my pwds in a file and am wondering if I can delete that stuff as now it either acts as just written or a OTP occurs. I think the Bank deals with all VISA transactions now. Anyone remember and know if I do not need them any longer? Thanks.

PS I assume this CC forum also deals with Debit Cards.

JJ_Egan

Check your browser if its holding the password .Usually due to ticking remember me on this computer .

[Deleted User]

You're unlikely to ever need to input them, but assuming your file is protected, I don't see any point in deleting them.

And if your password file isn't protected, protect it.

[Deleted User]

JJ_Egan said:

Check your browser if its holding the password .Usually due to ticking remember me on this computer .

The Halifax verified one I have looks like it is checking to see if it needs to ask the password on accounts I use regularly but doesn't ask it. There is no box to tick for this service as it's meant to be an additional security layer to show you are the card holder.

happyhacker

I've looked at this and there is no saved pwd details. I use Firefox for banking and delete all cookies on exit. I do notice that firefox has saved pwds for some of my grocery shopping sites which I have removed. I think this Verify-By-VISA action box is now built into the banks process and it does not grab any information from the browser. Am I right now?

[Deleted User]

happyhacker said:

I've looked at this and there is no saved pwd details. I use Firefox for banking and delete all cookies on exit. I do notice that firefox has saved pwds for some of my grocery shopping sites which I have removed. I think this Verify-By-VISA action box is now built into the banks process and it does not grab any information from the browser. Am I right now?

If you submitted a password it would require the browser to capture and send the data to the processor to prove you had entered it / verify it is correct

happyhacker

Deleted_User said:

happyhacker said:

... I think this Verify-By-VISA action box is now built into the banks process and it does not grab any information from the browser. Am I right now?

If you submitted a password it would require the browser to capture and send the data to the processor to prove you had entered it / verify it is correct

Are you saying then my Browser has hidden the pwd? Because I do not get the option to enter it and cannot see it in preferences of Firefox! The overlay window (say when buying groceries) appears I click the continue box and after a whir it closes.

[Deleted User]

happyhacker said:

Deleted_User said:

happyhacker said:

... I think this Verify-By-VISA action box is now built into the banks process and it does not grab any information from the browser. Am I right now?

If you submitted a password it would require the browser to capture and send the data to the processor to prove you had entered it / verify it is correct

Are you saying then my Browser has hidden the pwd? Because I do not get the option to enter it and cannot see it in preferences of Firefox! The overlay window (say when buying groceries) appears I click the continue box and after a whir it closes.

No, my opinion is that the bank decides if they need you to enter the password (e.g. a new transaction) or if it is a regular place you order from, they don't

Sandtree

3D secure has gotten more sophisticated over the years and your card issuer will decide on a transaction by transaction basis if they want any further security. If they do there is a variety of forms this can take of which one will still be your old password.

born_again

Sandtree said:

3D secure has gotten more sophisticated over the years and your card issuer will decide on a transaction by transaction basis if they want any further security. If they do there is a variety of forms this can take of which one will still be your old password.

There are 2 levels in the security systems VbV (retailer pays for VbV) (rubbish and easily defeated) and your banks own internal security.
VbV when it was password based was far to easy to beat, just click forgot password and with the right details (easily obtained) then fraudster was straight in.
When it changed to the new roll over system. There are a lot of background checks IP address, device address (we were told every device has a unique id) etc. Which were supposed to make it more secure.
So we expected to see a massive drop in fraud where VbV was used... Yea, right it actually went up....
Well it did not..... Found out that many of the things are actually cookie based. Only found when staff member used same device for 4 purchases and rung up to check the Visa system on device id's (deleted cookies on 2) as was sick of the amount of fraud we were seeing. Raised with Visa as deleting cookies meant a change of device id, which should mean password to be entered. But did not... Visa were not interested.

Sandtree

Oh, many banking systems are fundamentally terribly implemented, particularly initially.

When implementing card updater for a large UK insurer and using one of the largest merchant services providers it all went fine until it was actually turned on at which point people outside of IT actually read the technical specifications. Turns out you SFTP a file per merchant number which was more or less simply a list of credit card numbers, in CSV format with 1 number per row.

Shortly after a CSV was SFTP’ed back with the same number of rows with three options - a blank meaning no update, a new card number and a code giving a reason why there is a new card number or a code giving a reason why you cannot take payment off the original card.

No references at all, just row 1 should be the same card as row 1 you sent. Our IT took it upon themselves to implement one extra check of ensuring if we sent a file with 40,000 rows that we got back a file with 40,000 rows.

Well the obvious happened and our supplier messed up and accidentally resent us the same file twice and coincidently/ very unluckily, it had the identical number of rows so it passed security and a load of policyholders had their credit card numbers changed to another policyholders new credit card number.

Thankfully this was run 28 days before payments were taken and a few customers do actually read letters and saw their renewal stated that payment would be taken from “the card ending 3251” and phoned to say they didnt have a card with that ending. No wrong payments were taken but we actually shut taking any card payments for renewals for 5 days or so whilst the mess was unpicked. Plus we didnt go back to using card updater at that point!