Regardless of your faith in, or doubts about, its effectiveness what is certain is that if you encounter Verified by Visa, also known as VbyV, you have to play ball and sign up in order to make your online purchase.
What are the perils of doing so? Find out by reading on.Both Verified by Visa and MasterCard's SecureCode service claim to offer extra security checks which ensure that online purchasing is made more secure. But do they really? Is the truth that under these schemes does the burden of proof for tranactions made using your stolen ID shift to you instead?
Online ID theft is big business. The Get Safe Online report released towards the end of 2008 made clear, the average UK wage earner could lose up to £15k in an online ID theft attack.
Under the terms of credit card verification schemes when you or I buy goods or services from participating online retailers:
- The retailers are asked to submit a VbyV or SecureCode password to authorise transactions
- If you have already signed up to your credit cards verification scheme you'll be asked to enter 3 letters/digits from your verification code
- If you haven't yet registered, you'll need to
These additional checks are typically submitted via a website affiliated to a card-issuing bank but with no obvious connection to a users bank.
My own experience of Verified by Visa involved my being asked to register with a company called Securesuite. How was I to know that Securesuite are affiliated to Visa? Instead I (sensibly) held off completing my transaction and called Visa to verify that their own verification service was bona-fide.
On calling Visa, I went through a series of push button options and then spoke to a call centre operative who gave me the Visa fraud line number.
The operative at the end of the fraud line confirmed that Securesuite was indeed a Verified by Visa affiliate.
My one consolation in all this was that Norton 360 spotted and verified the entire process from start to end. My call to Visa was for my own peace of mind. What if I had not had that level of security?
Now, in an age of phishing attacks, what planet are Visa on?! Think about it thus:
Customers are not informed up front that a merchant has signed up to Verified by Visa or SecureCode
The Verified by Visa or SecureCode password request is delivered in a dialogue box (a pop-up window or iframe) making it really difficult to detect whether or not a site is genuine if you do not know how to do so.
The appearance of phishing attacks hunting for Verified by Visa passwords is proliferating... I wonder why... the pickings must be easy in a context where internet users are unsure about who is who.
You have probably guessed that I am a bit peeved by this. Look at it this way:
If my Verified by Visa password is obtained by phishers that makes it really easy for them to make internet purchases;
What is worse, it makes it almost impossible for consumers to deny responsibility for fraudulent transactions;
Seemingly, Verified by Visa and Mastercard SecureCode are there to protect the banks, not the card holder.
Card verification schemes allow banks to claim that transactions using stolen credit card and verification details were, in actuality, made by the card holder.
I cannot change Visa or Mastercards way of thinking. All I can do is bring to the fore the fundamental contradiction at the heart of their scheme. Make up your own mind.
See Norton 360 in action
How a phishing attack was spotted and stopped in its track, in seconds.
Norton Internet Security
Norton Security is the world-leader in home PC security, with good reason. Tiscali is offering up to 50% off Norton Security packages. Find out more.
Online ID protection
If you, your family or your business shop or sell online, use social networks, bank online, chat online, use auction sites or just surf the web, you will need security to complement your anti-virus package. Tiscali Spyguard offers online ID theft protection for less than £1.70 a month.Sanjit Chudha
.gif)
