-
Sep 13th, 2008, 05:45 PM
#1
Verified By Visa
So the story goes as follows:
One a sunny day in August I attempted to pay my credit car bill via the online interface provided by my credit card provider. I put in the amount I wish to pay, select the account I wish to pay from and press submit. Up pops a box saying "verified by visa". It wants me to register
So I phone up the credit card company who say that the transaction will not go through until I register. The CC company claim that this has been brought in by my bank / building society. So, I phone the BS which I have the debit card with and ask them what "verified by visa" is. No one seems to know, or have heard of the name of the website which popped up in the iframe of the CC's online payment page.
After several more calls I am told by my BS that if I wish to use my debit card for online payments in future then I will need to register with the VbV scheme. Not only this I am also told that a block has been placed on my card and I cannot use it for Visa transactions until I register with VbV. Having already refused to register, I had a quick peek at the terms and conditions which one must agree to upon joining the scheme (hey, you could choose to disagree but then you won't be able to use your card anymore). A couple of the more notable items in the T&C's:
6. Your liability
Unless you are a victim of fraud, you are responsible for all instructions sent using your password.
So who is it that has to prove I am a victim of fraud? Me I suppose. And I guess that if I cannot prove it then I am guilty of fraud myself? Nice try at liability dumping.
(d) Once you have registered your card for xxxxxxxxx VbV you will not be able to cancel that registration.
Ever heard of the data protection act?
7. Use of your information
(a) We may use the data you have provided to administer the VbV process.
(b) We may transfer this information to a country that is outside the European Economic Area for the purposes of managing and administering VbV and we will ensure that the security of your data is maintained.
(c) We may provide the police or any prosecuting authority any information obtained in connection with xxxxxxxxxxx VbV in order to allow them to investigate any suspected use of your security details.
It would be nice to know who exactly I am giving my information to before I allow you to use it. Oh and I suppose you use C when implicating me in fraudulent activity on my account huh?
My BS told me that if I register for VbV online transactions will now by 100% secure. They told me that it was introduced for the security of THEIR customers. They told me that I should be grateful.
I am always dubious about so called "FREE, extra security" features provided by financial institutions. Doubly so when they try and force you to enrol on these schemes and agree to terms and conditions I do not want to agree to. The way in which my BS have implemented this is a load of cock and bull and stinks like a covert money saving exercise on their part (remember chip and pin??). I will not be told how to be more secure online and I will not be patronised by you when I choose not to play along with your lability dumping initiatives.
If you want my advice; steer clear of VbV and steer clear of any bank who tries to force you to register your cards on the scheme.
Last edited by visualAd; Sep 13th, 2008 at 05:51 PM.
-
Sep 14th, 2008, 03:46 AM
#2
Re: Verified By Visa
Have you heard of the latest security system, its free and called AGV Anti Firewall Theft Underprotection...
Or I think thats whats its called.
-
Sep 14th, 2008, 04:52 AM
#3
Re: Verified By Visa
Verified by Visa has been around for years. And it's good - I now feel cautious using sites that don't have VbV implemented. It involves a page with an IFRAME that goes to a visa website where you enter a 'secret' password that you've associated with your online transactions. And you can get a personalized message so that you can know it's on the right VbV page.
And all the points in Rule #7 are going to apply to you anyways when you use your card. It doesn't matter where or what you use.
-
Sep 14th, 2008, 06:56 AM
#4
Re: Verified By Visa
Originally Posted by mendhak
Verified by Visa has been around for years. And it's good - I now feel cautious using sites that don't have VbV implemented. It involves a page with an IFRAME that goes to a visa website where you enter a 'secret' password that you've associated with your online transactions. And you can get a personalized message so that you can know it's on the right VbV page.
And all the points in Rule #7 are going to apply to you anyways when you use your card. It doesn't matter where or what you use.
I agree; it is a good idea but the way in which it has been implemented by websites and financial institutions sucks.
- Firstly the registration process also uses an IFrame which points to another site. Here, you need to give you card details, mothers maiden name your password. There is no way of verifying what site this iframe is pointing because you haven't yet created the personal message (unless of course you know how to check). As yet, no browser displays the URL of iframes on the page itself.
It wouldn't take a lot of effort or skill for a criminal to copy this registration process and grab the information off the user and use it for malicious purposes. The cyber criminals have infact already jumped on this bandwagon:
http://www.itnews.com.au/Tools/Print.aspx?CIID=108196
http://www.vnunet.com/vnunet/news/22...s-exploit-card
- The terms and conditions are ambiguous and open to interpretation at best. There have been similar instances where individuals with chip & pin in the UK have been taken to court for fraudulent transactions carried out on their own accounts (http://news.bbc.co.uk/1/hi/programme...ht/7265437.stm) and others of individuals being told that the fraud must be because they gave their pin to someone else (http://www.guardian.co.uk/technology...echcrime.news). And as chip and pin has shown, the extra 'security' in one part of the system shifts the vulnerabilities to another part; this is demonstrated by the massive rise in card not present fraud since the introduction of chip and pin.
The liability dumping means that its up to the customer to prove that the transaction was fraudulent and can potentially mean that the bank could turn round and say "because you are not using an "approved" anti virus program on the PC which you carry out your online transactions; its your fault". For the customer, proving they are not a fault os more difficult than it may seem as banks have more non disclosure policies than a spotty teenage has porn magazines.
- The BS I spoke to knew very little about VbV and how it worked. Most of the call centre staff were programmed to say "it makes online shopping 100% secure". If you register using the online iframe shown in by most retailers when the card is not registered then there is little or no explanation about exactly how the service works. Except to say that the it is there to make your transactions safer and a link to the T & C's with a tick box aside confirming you agree.
This is bad because it does exactly the opposite and reduces consumer security by luring them into a false sense of security. The majority of customers simply want to get their shopping done and go through the motions of ticking boxes and filling out the required information. Confronted with a feature that improves security the consumer will simply "think" it is more secure.
This means with out a doubt that many customers are registering and not realising the significance of what the scheme offers, the purpose of the personal message or the ways in which it doesn't improve security.
- In order to use VbV Javascript needs to be enabled on the browser. This can introduce other vulnerabilities and reduces the availability of the service for those who cannot enable JS.
http://www.cerias.purdue.edu/site/bl...y-visa-issues/
- Finally this whole thing is that it only adds verification to one part of an entire system. That is the point at which the transaction is made. If a criminal grabs your CC details and your address for example; they can still use it for fraudulent purposes by visiting sites which are not part of the scheme, cloning the card in a foreign country or event registering it with the VbV scheme themselves.
This just represents another hoop for cyber criminals to jump through and one which they gladly will because along the way they can collect a few more personal details about the victim.
Financial institutions need to be pro-actively addressing the weakest link which is the human vulnerabilities. My biggest misgiving is the way in which the VbV scheme is being promoted as "improving your security" and not as "promoting better security". This gives customers the impression that they will now be safer when shopping online; the truth is that they will only be safer if they are shown how the system and the verification process works instead of just being told by the bank of BS "this has improved your security".
-
Sep 17th, 2008, 12:24 PM
#5
Fanatic Member
Re: Verified By Visa
So I'm the only one who clicked into this thread thinking it said "Verified by Vista"?
Last edited by kregg; Sep 17th, 2008 at 02:06 PM.
-
Sep 17th, 2008, 01:22 PM
#6
Re: Verified By Visa
I think you are the only person walking into this thread period.
The rest of us clicked in.
-
Sep 17th, 2008, 02:07 PM
#7
Fanatic Member
Re: Verified By Visa
Hur, hur, hur, Hack. Hur, hur!
-
Sep 17th, 2008, 02:51 PM
#8
Re: Verified By Visa
I like to think that I 'surfed' in, myself.
-
Sep 17th, 2008, 05:48 PM
#9
Hyperactive Member
Re: Verified By Visa
I like to think I slide in on my knees strumming an air-guitar.
I thought everyone did that.
Rate my response if I helped
Go Hard Or Go Home
-
Sep 17th, 2008, 05:48 PM
#10
Fanatic Member
-
Sep 18th, 2008, 02:32 PM
#11
Re: Verified By Visa
Get a Switch. Or Electron.
-
Sep 22nd, 2008, 12:09 AM
#12
Hyperactive Member
Re: Verified By Visa
Originally Posted by Foxer
I thought everyone did that.
Fortunately for us, not everyone is from Auz.
-
Sep 22nd, 2008, 02:12 AM
#13
Re: Verified By Visa
Sorry VA but dems da rules. You could always go back to using actual money or writting checks and mailing them
I work with Visa/Master Card and its really such a huge process; Direct deposite, transfering of funds from one bank to the Fed to another bank etc.
There are alot more ways to steal your information without VBV. I cant say publically but I know of an incident just last week where someone was arrested for a certain kind of funds theft. Trust me, it doesnt have to be done on the internet. Internal operations can make you just as vulnerable if not more then on the internet.
VB/Office Guru™ (AKA: Gangsta Yoda™ ®)
I dont answer coding questions via PM. Please post a thread in the appropriate forum.
Microsoft MVP 2006-2011
Office Development FAQ (C#, VB.NET, VB 6, VBA)
Senior Jedi Software Engineer MCP (VB 6 & .NET), BSEE, CET
If a post has helped you then Please Rate it!
• Reps & Rating Posts • VS.NET on Vista • Multiple .NET Framework Versions • Office Primary Interop Assemblies • VB/Office Guru™ Word SpellChecker™.NET • VB/Office Guru™ Word SpellChecker™ VB6 • VB.NET Attributes Ex. • Outlook Global Address List • API Viewer utility • .NET API Viewer Utility •
System: Intel i7 6850K, Geforce GTX1060, Samsung M.2 1 TB & SATA 500 GB, 32 GBs DDR4 3300 Quad Channel RAM, 2 Viewsonic 24" LCDs, Windows 10, Office 2016, VS 2019, VB6 SP6
-
Sep 22nd, 2008, 01:55 PM
#14
Fanatic Member
Re: Verified By Visa
I've gone with a similar scheme called Netbanx. I personally don't understand how it can be any more secure, but I have to live with it.
-
Sep 22nd, 2008, 06:44 PM
#15
Re: Verified By Visa
Only the data you store with then is secure but they disperse your data to other parties and locations which is not guarentted as secure according to their terms.
VB/Office Guru™ (AKA: Gangsta Yoda™ ®)
I dont answer coding questions via PM. Please post a thread in the appropriate forum.
Microsoft MVP 2006-2011
Office Development FAQ (C#, VB.NET, VB 6, VBA)
Senior Jedi Software Engineer MCP (VB 6 & .NET), BSEE, CET
If a post has helped you then Please Rate it!
• Reps & Rating Posts • VS.NET on Vista • Multiple .NET Framework Versions • Office Primary Interop Assemblies • VB/Office Guru™ Word SpellChecker™.NET • VB/Office Guru™ Word SpellChecker™ VB6 • VB.NET Attributes Ex. • Outlook Global Address List • API Viewer utility • .NET API Viewer Utility •
System: Intel i7 6850K, Geforce GTX1060, Samsung M.2 1 TB & SATA 500 GB, 32 GBs DDR4 3300 Quad Channel RAM, 2 Viewsonic 24" LCDs, Windows 10, Office 2016, VS 2019, VB6 SP6
-
Sep 22nd, 2008, 06:50 PM
#16
Fanatic Member
Re: Verified By Visa
Originally Posted by RobDog888
Only the data you store with then is secure but they disperse your data to other parties and locations which is not guarentted as secure according to their terms.
Great. More T&C to read.
-
Sep 22nd, 2008, 06:51 PM
#17
Re: Verified By Visa
Well depends upon what "T&C" stands for
VB/Office Guru™ (AKA: Gangsta Yoda™ ®)
I dont answer coding questions via PM. Please post a thread in the appropriate forum.
Microsoft MVP 2006-2011
Office Development FAQ (C#, VB.NET, VB 6, VBA)
Senior Jedi Software Engineer MCP (VB 6 & .NET), BSEE, CET
If a post has helped you then Please Rate it!
• Reps & Rating Posts • VS.NET on Vista • Multiple .NET Framework Versions • Office Primary Interop Assemblies • VB/Office Guru™ Word SpellChecker™.NET • VB/Office Guru™ Word SpellChecker™ VB6 • VB.NET Attributes Ex. • Outlook Global Address List • API Viewer utility • .NET API Viewer Utility •
System: Intel i7 6850K, Geforce GTX1060, Samsung M.2 1 TB & SATA 500 GB, 32 GBs DDR4 3300 Quad Channel RAM, 2 Viewsonic 24" LCDs, Windows 10, Office 2016, VS 2019, VB6 SP6
-
Sep 22nd, 2008, 06:52 PM
#18
Fanatic Member
Re: Verified By Visa
Terms and Conditions. Or as banks usually do nowadays, Turd & Crap.
-
Sep 22nd, 2008, 06:53 PM
#19
VB/Office Guru™ (AKA: Gangsta Yoda™ ®)
I dont answer coding questions via PM. Please post a thread in the appropriate forum.
Microsoft MVP 2006-2011
Office Development FAQ (C#, VB.NET, VB 6, VBA)
Senior Jedi Software Engineer MCP (VB 6 & .NET), BSEE, CET
If a post has helped you then Please Rate it!
• Reps & Rating Posts • VS.NET on Vista • Multiple .NET Framework Versions • Office Primary Interop Assemblies • VB/Office Guru™ Word SpellChecker™.NET • VB/Office Guru™ Word SpellChecker™ VB6 • VB.NET Attributes Ex. • Outlook Global Address List • API Viewer utility • .NET API Viewer Utility •
System: Intel i7 6850K, Geforce GTX1060, Samsung M.2 1 TB & SATA 500 GB, 32 GBs DDR4 3300 Quad Channel RAM, 2 Viewsonic 24" LCDs, Windows 10, Office 2016, VS 2019, VB6 SP6
-
Sep 22nd, 2008, 06:59 PM
#20
Fanatic Member
-
Sep 22nd, 2008, 07:00 PM
#21
VB/Office Guru™ (AKA: Gangsta Yoda™ ®)
I dont answer coding questions via PM. Please post a thread in the appropriate forum.
Microsoft MVP 2006-2011
Office Development FAQ (C#, VB.NET, VB 6, VBA)
Senior Jedi Software Engineer MCP (VB 6 & .NET), BSEE, CET
If a post has helped you then Please Rate it!
• Reps & Rating Posts • VS.NET on Vista • Multiple .NET Framework Versions • Office Primary Interop Assemblies • VB/Office Guru™ Word SpellChecker™.NET • VB/Office Guru™ Word SpellChecker™ VB6 • VB.NET Attributes Ex. • Outlook Global Address List • API Viewer utility • .NET API Viewer Utility •
System: Intel i7 6850K, Geforce GTX1060, Samsung M.2 1 TB & SATA 500 GB, 32 GBs DDR4 3300 Quad Channel RAM, 2 Viewsonic 24" LCDs, Windows 10, Office 2016, VS 2019, VB6 SP6
-
Sep 22nd, 2008, 07:01 PM
#22
Fanatic Member
-
Sep 22nd, 2008, 07:04 PM
#23
VB/Office Guru™ (AKA: Gangsta Yoda™ ®)
I dont answer coding questions via PM. Please post a thread in the appropriate forum.
Microsoft MVP 2006-2011
Office Development FAQ (C#, VB.NET, VB 6, VBA)
Senior Jedi Software Engineer MCP (VB 6 & .NET), BSEE, CET
If a post has helped you then Please Rate it!
• Reps & Rating Posts • VS.NET on Vista • Multiple .NET Framework Versions • Office Primary Interop Assemblies • VB/Office Guru™ Word SpellChecker™.NET • VB/Office Guru™ Word SpellChecker™ VB6 • VB.NET Attributes Ex. • Outlook Global Address List • API Viewer utility • .NET API Viewer Utility •
System: Intel i7 6850K, Geforce GTX1060, Samsung M.2 1 TB & SATA 500 GB, 32 GBs DDR4 3300 Quad Channel RAM, 2 Viewsonic 24" LCDs, Windows 10, Office 2016, VS 2019, VB6 SP6
-
Sep 22nd, 2008, 11:06 PM
#24
Hyperactive Member
Re: Verified By Visa
Originally Posted by kregg
Terms and Conditions. Or as banks usually do nowadays, Turd & Crap.
I'll remember that when I have to do my banking again...
-
Sep 22nd, 2008, 11:06 PM
#25
Re: Verified By Visa
Dont forget to flush lol.
VB/Office Guru™ (AKA: Gangsta Yoda™ ®)
I dont answer coding questions via PM. Please post a thread in the appropriate forum.
Microsoft MVP 2006-2011
Office Development FAQ (C#, VB.NET, VB 6, VBA)
Senior Jedi Software Engineer MCP (VB 6 & .NET), BSEE, CET
If a post has helped you then Please Rate it!
• Reps & Rating Posts • VS.NET on Vista • Multiple .NET Framework Versions • Office Primary Interop Assemblies • VB/Office Guru™ Word SpellChecker™.NET • VB/Office Guru™ Word SpellChecker™ VB6 • VB.NET Attributes Ex. • Outlook Global Address List • API Viewer utility • .NET API Viewer Utility •
System: Intel i7 6850K, Geforce GTX1060, Samsung M.2 1 TB & SATA 500 GB, 32 GBs DDR4 3300 Quad Channel RAM, 2 Viewsonic 24" LCDs, Windows 10, Office 2016, VS 2019, VB6 SP6
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|