Net Shoppers Bullied Into "Verified By Visa" Program 302
bluefoxlucid writes "According to The Register, several banks are forcing users to opt-in to the Verified by Visa optional service by locking their cards if and when they encounter a Verified by Visa participating site and fail to opt-in. Register reader Steve says, 'This seems like a strange way to implement a voluntary system. On most of the retailers' websites there is no clue that you are about to be challenged by Verified by Visa until you attempt to complete the transaction. This means that you trigger the "fraud protection" unintentionally. And when you have located a retailer who doesn't require Verified by Visa to complete a purchase, you can't because your account is on hold.' Further, '[I]n some cases resetting the password is all too easy. Fraudsters know this and go after these credentials which, once obtained, make it harder for consumers to deny responsibility for a fraudulent transaction. Phishing scams posing as Verified by Visa sites have sprung up targeting these login credentials.'"
This is why I use American Express (Score:2, Funny)
Also, I like the fact my card is clear!
Re: (Score:3, Interesting)
Also, I like the fact my card is clear!
Great, and as a business owner I despise you. AMEX holds money for 2 weeks before paying me. So does Discover.
That's why I don't take either one, publicly.
Out on a limb (Score:3, Funny)
Re:Out on a limb (Score:5, Insightful)
Purchasing locally only works if you live in an accessible area. Even when you buy local, it doesn't mean that you're actually supporting local business (like shopping at your local wal-mart doesn't really help your local economy that much).
Also, people in small communities often don't have the option to buy local? Or, What if the local stores are run by douchebags? Should we be foreced to spend our money to support them?
I'll keep buying online, unless I need something more than just a low price. When I need more than low prices (like, support) then I'll buy local.
I also like shopping while naked - which is easy to do online
Re:Out on a limb (Score:5, Funny)
People not even willing to make one small change in their habits make me sick.
Fortunately, you buy your antacids locally, so his buying habits directly benefit your community. The system works!
Re: (Score:2, Interesting)
And hand made clothes? Seriously? What, do you kids wear knit sweaters everyday?
Re: (Score:3, Interesting)
Well, assuming you're really buying locally (as in, buying locally grown, locally made products) it's reducing the carbon footprint of the purchase astronomically. Even buying from a "local" big box store helps this to some extent. Walmart and Best Buy ship their products very efficiently compared to the "Mail one box to your house" method used for online purchases. Think about it:
1) Grown/make a item yourself- zero gas or oil used in shipment
2) Item grown/made locally- Only fuel needed to get it from lo
Re:Out on a limb (Score:5, Funny)
Unfortunately, all the food is still made of carbon. If only we were silicon-based life forms!
Re:Out on a limb (Score:5, Insightful)
Buying locally only works if you're buying from locally owned/operated business. If you're buying 'local' from a multi-national chain, then you're not really buying local, you're just lying to yourself. The suggestion that we can buy local is only benificial if you buy from people who live in your town, and they also buy locally - otherwise, there is no point, since the local purchase doesn't stay local.
Yes because low price is king! Your community is 2nd!
This is true when my community isn't competitive because they don't have to be. When someone takes advantage of my situation, I'm less loyal to them. When someone charges me much more for a product because they CAN, not because they're being competitive, then I'm going to shop elsewhere, somewhere fair and reasonable. And why would I discriminate against another community, simply because of geographical distance (for example: Why should I deny the japanese my money when I can buy a perfectly good american car?).
Why? It all comes down to value. You can spend your money locally, but I'm only going to spend it locally when there is more value (which depends on the type of purchase) in shopping locally. Price is not king. But I'm not in a position to give excess money away for nothing. If you are in such a position, I'm happy for you.
Re: (Score:3, Interesting)
I do have one objection, while I hate Wal-mart for other reasons they actually pay good wages for the work(I've worked for them out of desperation for temporary work and got 9.90 an hour starting and well above minimum wage.)
Regardless, railing against trade is just silly and misinformed, there's a reason we've been doing it for so damn long, and in general it is mutually benefiting.
Re: (Score:2)
It ain't "going out on a limb" to bash Wal-Mart. It's the safest way to avoid commenting on /. without actually THINKING that there is.
If the 'Net had been around in the 1880s, it'd be "Dang-all, thar's another Sears, Roebuck Catty-log at muh door agin! Them dang-blasted Yankees're tryin' t'run Mr. Drucker's Store outta bidness!"
Re: (Score:2)
If you had no car, you wouldn't have those options anyways - and wal-mart might treat their poorly paid employees well (otherwise no one would work for them), but they don't treat anyone else in their supply chain well. Oh, and Zellers? Also an american company.
I could also argue that retail environments are good or bad based on the l
Re:Out on a limb (Score:4, Insightful)
Re: (Score:3, Insightful)
What could *you* have done with the extra $25 you saved in you bought the cheaper cable? Could you have possibly invested it and made something better/faster/cheaper and hence increased wealth? Maybe you would've put that money in a bank, which then lends it out to the guy who ends up inventing
Re: (Score:3, Funny)
I want to live in your universe, where banks provide early-round financing to entrepreneurs and the laws of thermodynamics don't exist.
Re: (Score:2, Funny)
>That's odd, I grew up in a town of less that 4,000 and had no trouble finding hand made clothes, fresh local
>produce, locally created art, music...
Yes, Oregon is generally something of a paradise in this respect.
You probably don't realize that you're being elitist here.
Re: (Score:2)
Shopping local means buying things that are made locally, not sold locally.
It also means buying from shops that are run by locals. I can't buy shoes made locally because there are no local shoe factories. I can, however, buy from a shoe store owned and operated by a local citizen.
Re: (Score:3, Insightful)
That sounds nice in theory, but in reality, many of us don't live anywhere near apples are grown. Personally, I live in a desert, and apples need to be transported 1000+ miles to get here. Citrus fruits, OTOH, I can get out of my back yard.
There's a certain amount of merit to the idea of buying locally, but don't take it too far. There's a lot of local businesses that have ridiculously high prices, and you're better off supporting a more efficient business in another state through the internet. There's
Re: (Score:3, Insightful)
It's about buying products that haven't had to be shipped hundreds or thousands of miles, when you have a choice.
Right, and why does that matter? The costs of transportation are already included in the price, as are the often substantial benefits from economies of scale. Shipping containers are *big*.
On the other hand, you can argue that transportation involves negative externalities that aren't reflected in the price. I doubt that effect is very significant, again because of economies of scale. Even if you
Re:Out on a limb (Score:5, Funny)
I buy all my hookers and blow locally.
Re: (Score:3, Insightful)
Re:Out on a limb (Score:5, Funny)
I buy all my hookers and blow locally.
I doubt the blow is produced locally, unless you meant to say methamphetamine? Either way I applaud you for helping to support your local Escalade driving youths!
Re:Out on a limb (Score:5, Funny)
Re: (Score:3, Funny)
I buy all my hookers and blow locally.
I doubt the blow is produced locally, unless you meant to say methamphetamine? Either way I applaud you for helping to support your local Escalade driving youths!
I live in Merced (CA), and I can say with pride that all our meth is made locally!
Re:Out on a limb (Score:4, Informative)
"Blow" is the powdered form of cocaine. Most of the drug addicted hookers smoke crack cocaine, not powdered coke. Although some of the ones I know are heroin junkies, some are alcoholics, and some aren't addicted to anything except money (those are my favorites).
I pay 'em in cash, let 'em buy their own damned dope!
Re:Out on a limb (Score:5, Funny)
They accept Visa? It really is everywhere you want to be! I'm guessing that for everything else you use Mastercard.
Re: (Score:2)
I'm glad that you don't just rent your hookers and sorry to hear that you blow in your community.
Re:Out on a limb (Score:5, Informative)
Geat idea for you rich guys. When I buy a $19.95 cable off newegg, I can't afford to pay $45.00 for it locally.
When I become rich like you, I'll buy locally, until then, I'll stay a price whore.
Re: (Score:2)
Eh, as with anything there is an upper limit as to what you can spend. I'll spend a few more bucks to get something locally -- but $45 vs $20? Forget it. I'd get it online in that scenario too.
Re:Out on a limb (Score:4, Informative)
Heh, the way people get rich is to be price whores, or just not buy shit that doesn't _make_ money (stocks, properties, tools) at all. If someone is paying $45 for a cable, they probably didn't become rich, the were born that way.
Re: (Score:2)
Why buy fixed length cat 5 at all when you can get 100 feet and a bunch of connectors for the same price and make your own? On the other hand there is this alternative:
http://www.amazon.com/gp/product/B000I1X6PM/ref=cm_cr_pr_product_top/104-9303095-4559920 [amazon.com]
Re: (Score:2)
VbV doesn't seem to work the same with newegg (Score:5, Interesting)
I notice my newegg transactions redirect through a verified by visa page at the end of the checkout transaction.
I was never asked to opt in or provide a password or any other additional information or join anything.
Not sure where the problem is on this side of the pond.
Frankly, I'm cool with any additional security measures as long as I'm not forced into signing up special. And I assume all my personal info is already known by both newegg and visa.
Re:VbV doesn't seem to work the same with newegg (Score:5, Informative)
This isn't about real security..... VbV, and similar systems is about protecting the finacial institutions from the costs of fraud, by shifting the liability to the customer. It is about the security of banks' future profits.
As I understand it, with Verified by Visa you create a password for your card. When you use your card, the vendor's site sends you to a Visa/your bank controlled domain to check the password (in an iframe, so you can't actually see the domain, no easily check the certificate). The idea is that only the card holder knows the password, and part of the agreement when signing up to VbV will be a promise that you will not disclose the password, and any transaction that uses the password will be assumed to have been approved by the card holder. Of course, the agreement is long and written in legalese, so the banks know most customers will not read it, and if they did they probably wouldn't understand it.
Well, fuck that. This is just the banks being greedy... obviously the merchant fees aren't enough to keep the shareholders happy so "costs" have to be cut in other ways. So by wriggling out of some more responsibility for fraud (like has been done with the chip and pin system), the banks can make even more money.
I recommend that anyone who gets presented with verified by visa to not sign up at all, and to stop using it immediately if you have signed up to it. Get a new card, or a new bank to avoid it in the future.
NoScript on my install of FF has the VbV domains marked as untrusted, and I think I have set up blunt adblock filters to stop anything at all being loaded to do with VbV. Generally, surfing without javascript seems to stop VbV from working in the first place though.
Of course, some banks are now pressuring people to sign up to VbV, by using tactics of annoyance (disabling cards and shouting "fraud prevention"), which will work on most people....
Re: (Score:3, Insightful)
NoScript on my install of FF has the VbV domains marked as untrusted, and I think I have set up blunt adblock filters to stop anything at all being loaded to do with VbV. Generally, surfing without javascript seems to stop VbV from working in the first place though.
Don't you think you're overreacting a bit? VbV might shift some liability to the customer, but it isn't just some BS the banks made up; it really does increase security if you pick a secure password and don't give it out.
Financial institutions aren't liable anyway (Score:3, Informative)
The financial institutions don't have liability anyway, liability currently lays with the merchants (and is very costly for them).
In the long run decreasing fraud costs for merchants should benefit consumers as ultimately the cost of covering that fraud is passed on to legitimate customers.
Better buyer authentication is g
Re:Financial institutions aren't liable anyway (Score:5, Interesting)
You said it! VbV may be imperfect but compared to the zillions of stories about identify theft etc. at least it's a technical attempt to improve the situation. Bruce Schneier has said that the key step to improving credit card payment is looping the transaction security through the banks (Visa) not the merchant, and that's what this looks like.
I for one would pay more for a card that came with a secureID card or used my cell phone or something else for savvy consumer to confirm transactions. Even though I'm not liable for fraud ultimately, the idea of the fraud just annoys the crap out of me and I'm game to pay to make it harder for the fraudster.
Re: (Score:3, Insightful)
The vbv window contains a phrase that you setup when you enable it, known only to you and the bank. If that phrase isn't there don't enter your password... simple.
Re: (Score:3, Informative)
Re:Federal law says you are liable for $50 max for (Score:3, Interesting)
They don't pay anyway - the merchant does. If someone buys a product on your card and you report it stolen or fraud then they charge it back to the merchant most of the time. The customer may get their money back but the merchant ends up out a product.
Especially fun if you have a customer buy something big and then report it as fraud. "I ordered an iPod and all they sent me was this cheap knock-off!" Unless you're WalMart they get their cash back and you're out the iPod.
I hate dealing with credit cards and
Optional abuse (Score:4, Interesting)
I've always cancelled past this.. (Score:2)
Re: (Score:2)
pictures of dead presidnets. -these seem to work no matter what. I realize powers that be claim that paying cash for all debts public and private is so 19th century but, it works...
Yeah? Then how come... (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
far harder to tax. How do you inflate a chicken?
NO! don't say it.
Re:I've always cancelled past this.. (Score:4, Informative)
Opt-In != Required (or at least it shouldn't be) (Score:5, Insightful)
Re:Opt-In != Required (or at least it shouldn't be (Score:3, Insightful)
Well, I guess you can opt to use your card with their authentication to shop on-line, or you can opt for a different method of payment.
Sadly, that's probably how they see it.
Cheers
Re:Opt-In != Required (or at least it shouldn't be (Score:5, Informative)
Not only that (Score:4, Informative)
But this Verified by Visa malarkey also encourages poor design and security choices by customers and merchants:
- Merchants must embed the Verified by Visa site inside their own checkout page (there must be some kind of xss hole there somewhere).
- The Verified by Visa redirect page requires javascript.
- Verified by Visa forces a customer to login to their web-bank; "elevating" a simple shopping session into a high-security web-bank login session.
What if the customer is using another PC (for those with web-bank logins tied to their home PC)?
What if the customer doesn't have their web-bank tokens / one time pad sheet with them?
In my opinion, the Verified by Visa scheme is overly simplistic and makes unwarranted assumptions about the customer and merchant which aren't appropriate in a "web 2.0" world.
I came across this as well... (Score:3, Funny)
but slightly different. My bank never informed me that they were implementing it or of what this program even was so I never signed up for it online. Sometimes I could cancel the order and it would go through anyways (good to see the software is working properly, lol). But after a while that stopped working. Several sites wouldn't let me purchase anything unless I did sign up for it. So I either had to go to some shoddy shady website to buy what I needed (if the option even existed) and end up possibly paying more, or sign up for this, yet another, "layer of protection" for my account. By the time I'm middle aged my account will be so wrapped up in layers it'll look like a Michelin Man Mummy.
Merchants instantly lose chargebacks if they don't (Score:5, Informative)
It sucks, but it's very understandable from the merchant side. It only needs to happen a couple times with big $$$ buyers for a small shop to be badly hurt.
Re: (Score:2)
Why why WHY!!!!! do you guys accept this kind of treatment?
In Denmark, if something is charged to your account and its fraudulent or something is amiss with the transaction, the bank is the one carrying the charge, not the customer or company.
If it turns out you are screwing around with them you are of course going to jail, but at least we assume that something really did go wrong.
Re: (Score:2)
In Denmark, if something is charged to your account and its fraudulent or something is amiss with the transaction, the bank is the one carrying the charge, not the customer or company.
So what you are basically saying is that in Denmark the bank charges higher fees to make up for the loss instead of the merchant charging higher fees?
Sounds like the consumer is still paying in the end.....
Re: (Score:2)
So what you are basically saying is that in Denmark the bank charges higher fees to make up for the loss instead of the merchant charging higher fees?
The issue isn't the cost of the protection, it's the implementation.
Re: (Score:2)
You see, banks are big, small shops are small. In the game of rock-paper-scissors, the banks win.
Does Skype do this? (Score:5, Interesting)
I haven't been back since.
Re: (Score:2)
And it's often broken unless you run IE (Score:2, Insightful)
It didn't work with my old bank and Safari or Firefox(and the netbank was not too good either). :)
So when a bank contacted me about changing to them, I asked at the meeting if they supported one of those browsers under OS X which they did(and their sites stated it also).
Must suck to have a great site that works with all types of OS and browsers only to have people rejected because their bank sucks.
Re: (Score:2)
Re: (Score:2)
It's a problem if you run noscript, when you go to allow the site to run the script you can't refresh and it screws everything up. So basically you have to know that your merchant uses Verified by Visa and enable it globally before you click the final checkout.
Of course once you're done you turn that feature off. I had noscript screw up my Newegg order before. The OS doesn't matter, it's purely FF where I've seen this and strictly because of noscript. Firefox without noscript has no problems with it.
Verified with Visa isn't that bad (Score:2)
However if you're given the option to opt out then that should be the case even if they are trying to protect people with verified by visa.
Verified not to work (Score:5, Interesting)
Re:Verified not to work (Score:4, Insightful)
So my browsing preference is Firefox + cookie whitelist + NoScript. That combination is enough to fully bypass Verified by Visa. A few months back I put in an order at NewEgg where I was challenged by the Verified by Visa system (which was not white listed for cookies or scripts) upon making the white list change to NoScript, the window refreshed and amazingly I had successfully completed the Verified by Visa Challenge (by allowing scripting on the page). Order went through without a hitch. Another satisfied customer (of NewEgg)
iirc, Verified by VISA at newegg is optional. i wonder if this "trick" would work at a merchant where Verified by VISA is compulsory? did you happen to test this work-around at such a merchant's website?
how a merchant integrates the Verified by VISA system into their website may also affect whether or not the system can be bypassed.
I've never had a problem (Score:2)
Seems to me... (Score:2)
That'd happen once, and then it'd be time to find a new bank. Or switch to a credit union.
No way to verify (Score:5, Informative)
One of the reasons I've avoided Verified by Visa is that the way they implement the "authentication" page it's impossible for the customer to tell whether they're entering their password into the Visa site or some random black-hat site. And I have a simple rule: I don't enter my account's password into any form that's not on a page clearly and verifiably served by my bank's Web server.
Of course, if I'm buying on a Web site, I'm most likely using my Amex card which doesn't have this issue. If the merchant doesn't take Amex, I'll go to one that does.
Re: (Score:3, Informative)
IME, the implementation is a train wreck. I have a Visa card through Bank of America, and the first time I ran into the "Verified" prompt, I was positive it was a scam:
Hello Americans, British and European banks laws (Score:3, Interesting)
BITE
Seriously, while we live far from a legal utopia in the US, the little bits I have learned about banking laws and regulations in Europe make we amazed that those folks don't keep all their Euro's and pounds in their mattresses.
It seems that often Europeans have no recourse against banking mistakes. But on the US side of the pond banks would rather take the losses from robbery than but in "unfriendly looking" security that might make customers feel uncomfortable. Hence they also take the loses on Fraud, identity theft, etc.
And you wondered why your credit card charged 22% interest.
Re: (Score:2)
And you wondered why your credit card charged 22% interest.
*Cough*Ahem* [consumerist.com] excuse me.
Verified by Visa Backdoor (Score:5, Informative)
I am a religious user of disposable credit card numbers. [findarticles.com] The numbers are user-generated using a little flash-applet that I requires a login and password. They are linked, at the bank's end, to my 'real' credit card account be it visa or mastercard.
I have never signed up for verified by visa, but I have found that every time I use a disposable number linked to my visa account that it automagically passes the verified by visa tests - I'll see the verified by visa web page come up, and without any other actions on my part, it says that I passed or was verified or whatever and my transaction goes through just fine.
Re:Verified by Visa Backdoor (Score:5, Interesting)
I had my Visa Locked because of this (Score:2, Interesting)
These programs suck... (Score:2)
I was looking at http://www.lbweyewear.com/ [lbweyewear.com] and using a debit card that you could use anywhere on the mastercard system. The site mentioned something about a Secure MasterCard program. So I did what anyone intelligent would to. I went to the mastercard website to look up the damn thing. What is it? Basically another PIN that you have to enter for you to use your card.
I was hoping/wanting to go to the mastercard site and have them generate me a unique one time card ID for either each individual online trans
Why not proper authentcation? (Score:2)
For a short while I was wondering why Visa didn't use a two-factor authentication model when they made Verified by Visa / 3-D-secure.
Then I remembered: they care only about their own losses, not their costumers'
A positive (Score:3, Funny)
When I bought that iPhone App, Verified by Visa outright verified that it was *I* who was rich, and not some spineless imposter.
Discover Card (Score:3, Informative)
Just my 2 cents
Bad from the retailer's persepctive too (Score:5, Informative)
I work for a large online business, and recently had to re-design parts of our checkout process to accommodate the "Versified by Visa" and "MasterCard SecureCode" systems. The whole thing is confusing and error-prone. Several parts of the "guidelines" (for which read "commands") from Visa and MasterCard are plainly crafted by people who've never had to sell anything on-line in their lives. Pop-up windows, erosions of brand equity, sudden re-orientations, confusing distractions - all right at the crucial point of purchase (in our case for average orders worth several hundreds of dollars). And all that is ignoring the fact that the consumer has to remember YET ANOTHER PIN NUMBER.
Needless to say, we are only going to implement it when we are forced to at gunpoint. Yes, there are theoretical advantages in decreased charge-backs, but if that takes place against lower conversion, we might have to bring the lawyers in.
Personally, I see these schemes as a symptom of the actions of robotic "security analysts" - morons who see customers as "actors" in use cases. Where the only response to attack is to "increase security" by piling more responsibility on people who already have more than enough passwords, convoluted signups and "for your protection" bullshit to cope with. Is it a coincidence that we're seeing more fraud while such "security measures" increase?
How about Visa and MasterCard get off their corpulent, gaseous arses and actually DO SOMETHING about credit card fraud that doesn't simply pass the buck?
Re:sounds like change to Mastercard (Score:5, Funny)
Driving your customers to the competitor: Priceless. :-P
Cheers
Re: (Score:2)
Unfortunately for a lot of us, we don't use credit cards, but Visa Debit, which is the only option from almost every bank in America. I have a few credit cards, but I never use them. Why should I buy on credit if I have the cash today (with the exception being interest free, which I always opt for)
Sure, I could pay it off immediately, and on most cards, still get it interest free within the grace period, but then I'm processing 2 transactions to buy something once, and if I forget, (or if the check is los
Re: (Score:2)
Visa Debit, which is the only option from almost every bank in America.
Very minor comment, but... I've never had a Visa debit card. The last 5 banks I've been with, from various places I've lived in the U.S. Northeast, have all had MasterCard debit cards.
Re: (Score:3, Informative)
Just a note: Frequently, using Visa Debit cards does not give you the same transactional protection as using a "real" credit card.
Re:sounds like change to Mastercard (Score:4, Interesting)
If Visa is going to behave badly, dump them.
From TFA:
Visa and Mastercard are a cartel. [cnn.com] If one screws over the customer, so does the other.
Re: (Score:3, Interesting)
Re:This is probably a good thing, cardholders... (Score:5, Interesting)
I'm not so sure.
I think all of my cards have switched to Mastercard now, but at least one of them was a Visa credit card until fairly recently. I came across this "Verified by Visa" thing out of the blue one day, having had no prior warning from either my card company or the merchant that I should expect it.
So I did what any smart person does when a web browser surprisingly pops up a window they've never seen before and asks for their confidential information: I left the site immediately, cancelled that card and reset all my security details, and shopped elsewhere using a different payment method in the meantime. Both Visa and the merchant in question lost out on that one.
Re:This is probably a good thing, cardholders... (Score:4, Informative)
I think all of my cards have switched to Mastercard now
MasterCard has an equivalent system called SecureCode. I haven't encountered it yet, though I checked and the bank with which I have my MasterCard does support it.
Re:This is probably a good thing, cardholders... (Score:4, Informative)
MasterCard have the equivalent of Verified by visa, I'm not sure what it's called now but you interface with both systems in the same way (3DSecure is the generic name). I guess the US is a year behind the UK in this; last summer Mastercard forced all "cardholder not present" transactions done by Maestro (a UK debit card) through this system. As both a merchant and a developer I was less than pleased. As you point out the implementation is horrific. The UK banks actually use (or used at least, I haven't checked recently) a third party to provide the external verification pages and these are hosted on a shared server (at secureserver.co.uk I think) that also has the likes of maspieshop.secureserver.co.uk on it (at least that's what you used to get when you visited the IP that this resolved to). Reinforcing the appearance that this was some kind of scam was the poor html and appalling design. Needless to say Maestro payments pretty much dried up to nothing and we had a great time fielding phone calls from customers that hadn't been informed by their banks what was happening (pretty much all of them).
This was forced through by mastercard completely ignoring the protests of the clearing banks, payment gateways and merchants, presumably from some political motive, and it simply hasn't been thought through at all: you can change the password just by entering the card number and cv2, which if you've stolen the card details, you of course have.
Don't assume that mastercard is any better than visa: they are a two member cartel. Anyway, given that maestro payments collapsed to about 20% of their prior level, I hope that mastercard got what they deserved.
Re:This is probably a good thing, cardholders... (Score:4, Informative)
I called the customer service number on the back of my card, and waited to talk to a human about this "Verified by Visa" program. My bank (Wells Fargo) could not tell me anything about the VbV program, or even that it exists. This just stupified me. It clearly has the Visa Logo on the front of the card, The Wells Fargo logo on the front of the card, and Wells Fargo cannot tell me that the VbV program isn't even an attempt at fraud.
I suggested that the customer service representative notify their supervisor that their customer service reps need more education on the services that they are offering, and hung up.
I then closed my web browser, called the merchant on the phone, and placed my order that way. Toll-Free, 24 Hours.
The Internet. Who needs it?
Maybe if they were competent at it. (Score:5, Insightful)
Verified by Visa, 3D Secure, etc are GOOD for you.
Adding an inherently insecure stage to every transaction... which provides another opportunity for fraudsters using cross site and cross zone attacks to steal your authentication tokens... is good for you?
On what planet?
Re: (Score:2)
The dark side is that the card networks are pushing this so that they can move fraud liability from the merchants to the consumers.
You are confused. The card networks have ALREADY pushed all the fraud liability from themselves to the merchants, and they are quite content with this arrangement. They don't really want the consumers to be liable, because then consumers will stop using their card. Far better to have the merchants liable, because they can't afford not to accept the cards.
Besides, at the end of t
Re:This is probably a good thing, cardholders... (Score:4, Informative)
Sorry, but the above is not true at all. Merchants that use VBV or SecureCode know that one of the main benefits is that the card scheme accepts liability for fraud.
Proof here: http://usa.visa.com/merchants/risk_management/vbv.html [visa.com]
Re: (Score:3, Interesting)
I had that happen to me a few months ago, but at the time I thought it was perfectly reasonable.
I bought a digital SLR on-line (about $1200CDN). They have no history of me shopping on line (I usually don't), and a big p
Re: (Score:3, Interesting)
Personally, I kind of liked the fact that they're monitoring my account for atypical transactions. The alternative is much worse.
No it's not. At least not for you, it is for the bank, which is why I get annoyed every time they say "for your protection" - uh, uh it is for THEIR protection and they shouldn't patronize me by lying about it.
Absolute worst case, you end up losing $50 - that's federal law. In almost all cases, the bank waives that fee so that you owe nothing - they or the merchant that took the fraudulent transaction are on the hook. Now compare that to a situation in which you absolutely need your credit card to work a
Re: (Score:2)
I did.
What's frightening is that I wasn't that shocked. It seemed perfectly believable -- just somewhat frightening. I was contemplating possible routes to take to continue using Linux instead -- everything from cracking it to angry letters to lawsuits...
Wasn't till I clicked through to TFA -- and even then, only after I noticed that there seemed to be quite a lot of mention of Visa. Were they the only company stupid enough to make a deal with Microsoft about Vista?!... Oh. Oh.
Moral of the story: Always Re
Re: (Score:2)
For some reason it is sticking out in my mind as "Vilified by Visa"...
3dSecure isn't secure for the customer... (Score:5, Insightful)
ANY system that redirects me to a framed third-party page that I can't verify to provide authentication information is inherently insecure and I will not use it. I've had problems with identity fraud online even without this extra layer of insecurity...
If this means I only buy online with Paypal (which I have funded by an account with a limited balance that I *only* use for Paypal) and one-shot debit cards from the grocery store, I guess I should thank them for making me shop more safely online.
Re: (Score:2)
Except that issuing smart cards to millions of "customers" costs THEM money and generates no revenue, but forcing another "optional" service onto "customers" does. As a profiteering company, the choice is obvious.