Net Shoppers Bullied Into "Verified By Visa" Program 302
bluefoxlucid writes "According to The Register, several banks are forcing users to opt-in to the Verified by Visa optional service by locking their cards if and when they encounter a Verified by Visa participating site and fail to opt-in. Register reader Steve says, 'This seems like a strange way to implement a voluntary system. On most of the retailers' websites there is no clue that you are about to be challenged by Verified by Visa until you attempt to complete the transaction. This means that you trigger the "fraud protection" unintentionally. And when you have located a retailer who doesn't require Verified by Visa to complete a purchase, you can't because your account is on hold.' Further, '[I]n some cases resetting the password is all too easy. Fraudsters know this and go after these credentials which, once obtained, make it harder for consumers to deny responsibility for a fraudulent transaction. Phishing scams posing as Verified by Visa sites have sprung up targeting these login credentials.'"
Opt-In != Required (or at least it shouldn't be) (Score:5, Insightful)
Re:Out on a limb (Score:5, Insightful)
Purchasing locally only works if you live in an accessible area. Even when you buy local, it doesn't mean that you're actually supporting local business (like shopping at your local wal-mart doesn't really help your local economy that much).
Also, people in small communities often don't have the option to buy local? Or, What if the local stores are run by douchebags? Should we be foreced to spend our money to support them?
I'll keep buying online, unless I need something more than just a low price. When I need more than low prices (like, support) then I'll buy local.
I also like shopping while naked - which is easy to do online
Re:Opt-In != Required (or at least it shouldn't be (Score:3, Insightful)
Well, I guess you can opt to use your card with their authentication to shop on-line, or you can opt for a different method of payment.
Sadly, that's probably how they see it.
Cheers
Re:Out on a limb (Score:3, Insightful)
And it's often broken unless you run IE (Score:2, Insightful)
It didn't work with my old bank and Safari or Firefox(and the netbank was not too good either). :)
So when a bank contacted me about changing to them, I asked at the meeting if they supported one of those browsers under OS X which they did(and their sites stated it also).
Must suck to have a great site that works with all types of OS and browsers only to have people rejected because their bank sucks.
Re:Out on a limb (Score:5, Insightful)
Buying locally only works if you're buying from locally owned/operated business. If you're buying 'local' from a multi-national chain, then you're not really buying local, you're just lying to yourself. The suggestion that we can buy local is only benificial if you buy from people who live in your town, and they also buy locally - otherwise, there is no point, since the local purchase doesn't stay local.
Yes because low price is king! Your community is 2nd!
This is true when my community isn't competitive because they don't have to be. When someone takes advantage of my situation, I'm less loyal to them. When someone charges me much more for a product because they CAN, not because they're being competitive, then I'm going to shop elsewhere, somewhere fair and reasonable. And why would I discriminate against another community, simply because of geographical distance (for example: Why should I deny the japanese my money when I can buy a perfectly good american car?).
Why? It all comes down to value. You can spend your money locally, but I'm only going to spend it locally when there is more value (which depends on the type of purchase) in shopping locally. Price is not king. But I'm not in a position to give excess money away for nothing. If you are in such a position, I'm happy for you.
3dSecure isn't secure for the customer... (Score:5, Insightful)
ANY system that redirects me to a framed third-party page that I can't verify to provide authentication information is inherently insecure and I will not use it. I've had problems with identity fraud online even without this extra layer of insecurity...
If this means I only buy online with Paypal (which I have funded by an account with a limited balance that I *only* use for Paypal) and one-shot debit cards from the grocery store, I guess I should thank them for making me shop more safely online.
Maybe if they were competent at it. (Score:5, Insightful)
Verified by Visa, 3D Secure, etc are GOOD for you.
Adding an inherently insecure stage to every transaction... which provides another opportunity for fraudsters using cross site and cross zone attacks to steal your authentication tokens... is good for you?
On what planet?
Re:Verified not to work (Score:4, Insightful)
So my browsing preference is Firefox + cookie whitelist + NoScript. That combination is enough to fully bypass Verified by Visa. A few months back I put in an order at NewEgg where I was challenged by the Verified by Visa system (which was not white listed for cookies or scripts) upon making the white list change to NoScript, the window refreshed and amazingly I had successfully completed the Verified by Visa Challenge (by allowing scripting on the page). Order went through without a hitch. Another satisfied customer (of NewEgg)
iirc, Verified by VISA at newegg is optional. i wonder if this "trick" would work at a merchant where Verified by VISA is compulsory? did you happen to test this work-around at such a merchant's website?
how a merchant integrates the Verified by VISA system into their website may also affect whether or not the system can be bypassed.
Re:Out on a limb (Score:4, Insightful)
Re:As a developer that has implemented VBV/SecureC (Score:2, Insightful)
Thrilling. Someone's figured out that a cardholder's bank is a function of the first few digits of the card number. Whoopty-doo, welcome to "valid credit card number generators" circa 1980!
What custom message? The problem with the system is that the first time a user uses it, it looks/smells/feels/talks/walks like a phish. Anyone with an iota of clue will never sign up for it in the first place.
The whole programme misses the point. I trust the merchant, or I wouldn't be shopping there in the first place. I trust my bank -- but my bank has no role in the process beyond issuing the card. What I don't trust is a third party getting in the way of that process.
When you say "no involvement at all from the merchant site", you mean "feature", but you say "bug", because the risk of a card number being intercepted in transit between my desktop and the merchant's site is far less than the risk of a card number being intercepted by Javashit-launched malware on my own PC. And the #1 sign that such malware is on my PC is the unexpected popping-up of pages that want to do HTTP traffic with third-party web sites. Seriously, I'm doing business with a retailer I trust, I bank at a bank I trust, and my browser starts popping up windows from some website hosted at a domain called "cyota.com"? I just now discovered that "www.cyota.com" redirects to "www.rsa.com", which is sorta comforting, because I actually expected it to redirect to some randomly-named Russian phish host.
It may be secure (for the moron who runs Javashit and always clicks "OK" to everything), but to anyone who actually tries to keep the client side secure, it smells fishier than a bag of Hillary Clinton's used tampons stuffed sideways into Ann Coulter. What the fuck were you people thinking?
Re:Out on a limb (Score:3, Insightful)
What could *you* have done with the extra $25 you saved in you bought the cheaper cable? Could you have possibly invested it and made something better/faster/cheaper and hence increased wealth? Maybe you would've put that money in a bank, which then lends it out to the guy who ends up inventing a car that runs on water.
Instead, you've spent it on something that was produced inefficiently (hence the higher price, assuming same quality). Now that money went to maintaining an older cable making machine or an inefficient management team.
Re:Out on a limb (Score:3, Insightful)
That sounds nice in theory, but in reality, many of us don't live anywhere near apples are grown. Personally, I live in a desert, and apples need to be transported 1000+ miles to get here. Citrus fruits, OTOH, I can get out of my back yard.
There's a certain amount of merit to the idea of buying locally, but don't take it too far. There's a lot of local businesses that have ridiculously high prices, and you're better off supporting a more efficient business in another state through the internet. There's a lot of local businesses that don't do much good for the community, like Wal-Mart (you can claim that's not what "buy local" is about, but Wal-Mart is certainly much more "local" than Newegg, as they have a physical location near you and employee people in your community). For many things, I find ordering through the internet far cheaper, far more efficient, and far faster. If I want to buy some obscure product, it's easy to google it and buy it from some tiny web store or Ebay or Amazon. Finding it locally would require many phone calls and a lot of time, and if I find it at all, I'd pay a lot more for it. If I want to buy auto parts, there's places online that sell factory parts at a big discount over my local dealership. Why should I support my local dealership with its marble floors?
Buying locally sounds good for food and produce, and that's really about it. But even then, no matter where you live, certain foods just don't grow well or efficiently in some places. Apples don't grow here in the southwest desert. Oranges and grapefruits don't grow in Washington. We don't have salmon growing wild here in Arizona for obvious reasons, and neither does most of the country. People in North Dakota probably don't have much of anything growing near them. Unless you're stupidly going to restrict your diet to things that grow in your area, you're going to have to buy foods brought in from other areas, and many times other countries (how many places in the USA can grow bananas?). Of course, as the recent problem with salmonella and jalapenos showed, it's smart to be careful about foods imported into the country, but these days our government is completely failing us in handling trade between us and other countries and making sure products imported here are safe, so it might make some sense to restrict your intake of non-US foods.
Re:VbV doesn't seem to work the same with newegg (Score:3, Insightful)
NoScript on my install of FF has the VbV domains marked as untrusted, and I think I have set up blunt adblock filters to stop anything at all being loaded to do with VbV. Generally, surfing without javascript seems to stop VbV from working in the first place though.
Don't you think you're overreacting a bit? VbV might shift some liability to the customer, but it isn't just some BS the banks made up; it really does increase security if you pick a secure password and don't give it out.
Re:Out on a limb (Score:3, Insightful)
It's about buying products that haven't had to be shipped hundreds or thousands of miles, when you have a choice.
Right, and why does that matter? The costs of transportation are already included in the price, as are the often substantial benefits from economies of scale. Shipping containers are *big*.
On the other hand, you can argue that transportation involves negative externalities that aren't reflected in the price. I doubt that effect is very significant, again because of economies of scale. Even if you imposed large carbon taxes, it would only cause a slight price increase when amortized over millions of bananas or t-shirts.
Re:Financial institutions aren't liable anyway (Score:3, Insightful)
The vbv window contains a phrase that you setup when you enable it, known only to you and the bank. If that phrase isn't there don't enter your password... simple.