Results 1 to 25 of 25

Thread: Verified By Visa

  1. #1

    Thread Starter
    VBA Nutter visualAd's Avatar
    Join Date
    Apr 2002
    Location
    Ickenham, UK
    Posts
    4,906

    Angry Verified By Visa

    So the story goes as follows:

    One a sunny day in August I attempted to pay my credit car bill via the online interface provided by my credit card provider. I put in the amount I wish to pay, select the account I wish to pay from and press submit. Up pops a box saying "verified by visa". It wants me to register

    So I phone up the credit card company who say that the transaction will not go through until I register. The CC company claim that this has been brought in by my bank / building society. So, I phone the BS which I have the debit card with and ask them what "verified by visa" is. No one seems to know, or have heard of the name of the website which popped up in the iframe of the CC's online payment page.

    After several more calls I am told by my BS that if I wish to use my debit card for online payments in future then I will need to register with the VbV scheme. Not only this I am also told that a block has been placed on my card and I cannot use it for Visa transactions until I register with VbV. Having already refused to register, I had a quick peek at the terms and conditions which one must agree to upon joining the scheme (hey, you could choose to disagree but then you won't be able to use your card anymore). A couple of the more notable items in the T&C's:
    6. Your liability
    Unless you are a victim of fraud, you are responsible for all instructions sent using your password.
    So who is it that has to prove I am a victim of fraud? Me I suppose. And I guess that if I cannot prove it then I am guilty of fraud myself? Nice try at liability dumping.

    (d) Once you have registered your card for xxxxxxxxx VbV you will not be able to cancel that registration.
    Ever heard of the data protection act?

    7. Use of your information
    (a) We may use the data you have provided to administer the VbV process.

    (b) We may transfer this information to a country that is outside the European Economic Area for the purposes of managing and administering VbV and we will ensure that the security of your data is maintained.

    (c) We may provide the police or any prosecuting authority any information obtained in connection with xxxxxxxxxxx VbV in order to allow them to investigate any suspected use of your security details.
    It would be nice to know who exactly I am giving my information to before I allow you to use it. Oh and I suppose you use C when implicating me in fraudulent activity on my account huh?


    My BS told me that if I register for VbV online transactions will now by 100% secure. They told me that it was introduced for the security of THEIR customers. They told me that I should be grateful.

    I am always dubious about so called "FREE, extra security" features provided by financial institutions. Doubly so when they try and force you to enrol on these schemes and agree to terms and conditions I do not want to agree to. The way in which my BS have implemented this is a load of cock and bull and stinks like a covert money saving exercise on their part (remember chip and pin??). I will not be told how to be more secure online and I will not be patronised by you when I choose not to play along with your lability dumping initiatives.

    If you want my advice; steer clear of VbV and steer clear of any bank who tries to force you to register your cards on the scheme.
    Last edited by visualAd; Sep 13th, 2008 at 05:51 PM.
    PHP || MySql || Apache || Get Firefox || OpenOffice.org || Click || Slap ILMV || 1337 c0d || GotoMyPc For FREE! Part 1, Part 2

    | PHP Session --> Database Handler * Custom Error Handler * Installing PHP * HTML Form Handler * PHP 5 OOP * Using XML * Ajax * Xslt | VB6 Winsock - HTTP POST / GET * Winsock - HTTP File Upload

    Latest quote: crptcblade - VB6 executables can't be decompiled, only disassembled. And the disassembled code is even less useful than I am.

    Random VisualAd: Blog - Latest Post: When the Internet becomes Electricity!!


    Spread happiness and joy. Rate good posts.

  2. #2
    Frenzied Member I_Love_My_Vans's Avatar
    Join Date
    Jan 2005
    Location
    In the PHP compiler
    Posts
    1,275

    Re: Verified By Visa

    Have you heard of the latest security system, its free and called AGV Anti Firewall Theft Underprotection...

    Or I think thats whats its called.

  3. #3
    I'm about to be a PowerPoster! mendhak's Avatar
    Join Date
    Feb 2002
    Location
    Ulaan Baator GooGoo: Frog
    Posts
    38,173

    Re: Verified By Visa

    Verified by Visa has been around for years. And it's good - I now feel cautious using sites that don't have VbV implemented. It involves a page with an IFRAME that goes to a visa website where you enter a 'secret' password that you've associated with your online transactions. And you can get a personalized message so that you can know it's on the right VbV page.

    And all the points in Rule #7 are going to apply to you anyways when you use your card. It doesn't matter where or what you use.

  4. #4

    Thread Starter
    VBA Nutter visualAd's Avatar
    Join Date
    Apr 2002
    Location
    Ickenham, UK
    Posts
    4,906

    Re: Verified By Visa

    Quote Originally Posted by mendhak
    Verified by Visa has been around for years. And it's good - I now feel cautious using sites that don't have VbV implemented. It involves a page with an IFRAME that goes to a visa website where you enter a 'secret' password that you've associated with your online transactions. And you can get a personalized message so that you can know it's on the right VbV page.

    And all the points in Rule #7 are going to apply to you anyways when you use your card. It doesn't matter where or what you use.
    I agree; it is a good idea but the way in which it has been implemented by websites and financial institutions sucks.
    • Firstly the registration process also uses an IFrame which points to another site. Here, you need to give you card details, mothers maiden name your password. There is no way of verifying what site this iframe is pointing because you haven't yet created the personal message (unless of course you know how to check). As yet, no browser displays the URL of iframes on the page itself.

      It wouldn't take a lot of effort or skill for a criminal to copy this registration process and grab the information off the user and use it for malicious purposes. The cyber criminals have infact already jumped on this bandwagon:

      http://www.itnews.com.au/Tools/Print.aspx?CIID=108196
      http://www.vnunet.com/vnunet/news/22...s-exploit-card

    • The terms and conditions are ambiguous and open to interpretation at best. There have been similar instances where individuals with chip & pin in the UK have been taken to court for fraudulent transactions carried out on their own accounts (http://news.bbc.co.uk/1/hi/programme...ht/7265437.stm) and others of individuals being told that the fraud must be because they gave their pin to someone else (http://www.guardian.co.uk/technology...echcrime.news). And as chip and pin has shown, the extra 'security' in one part of the system shifts the vulnerabilities to another part; this is demonstrated by the massive rise in card not present fraud since the introduction of chip and pin.

      The liability dumping means that its up to the customer to prove that the transaction was fraudulent and can potentially mean that the bank could turn round and say "because you are not using an "approved" anti virus program on the PC which you carry out your online transactions; its your fault". For the customer, proving they are not a fault os more difficult than it may seem as banks have more non disclosure policies than a spotty teenage has porn magazines.

    • The BS I spoke to knew very little about VbV and how it worked. Most of the call centre staff were programmed to say "it makes online shopping 100% secure". If you register using the online iframe shown in by most retailers when the card is not registered then there is little or no explanation about exactly how the service works. Except to say that the it is there to make your transactions safer and a link to the T & C's with a tick box aside confirming you agree.

      This is bad because it does exactly the opposite and reduces consumer security by luring them into a false sense of security. The majority of customers simply want to get their shopping done and go through the motions of ticking boxes and filling out the required information. Confronted with a feature that improves security the consumer will simply "think" it is more secure.

      This means with out a doubt that many customers are registering and not realising the significance of what the scheme offers, the purpose of the personal message or the ways in which it doesn't improve security.

    • In order to use VbV Javascript needs to be enabled on the browser. This can introduce other vulnerabilities and reduces the availability of the service for those who cannot enable JS.

      http://www.cerias.purdue.edu/site/bl...y-visa-issues/

    • Finally this whole thing is that it only adds verification to one part of an entire system. That is the point at which the transaction is made. If a criminal grabs your CC details and your address for example; they can still use it for fraudulent purposes by visiting sites which are not part of the scheme, cloning the card in a foreign country or event registering it with the VbV scheme themselves.

      This just represents another hoop for cyber criminals to jump through and one which they gladly will because along the way they can collect a few more personal details about the victim.


    Financial institutions need to be pro-actively addressing the weakest link which is the human vulnerabilities. My biggest misgiving is the way in which the VbV scheme is being promoted as "improving your security" and not as "promoting better security". This gives customers the impression that they will now be safer when shopping online; the truth is that they will only be safer if they are shown how the system and the verification process works instead of just being told by the bank of BS "this has improved your security".
    PHP || MySql || Apache || Get Firefox || OpenOffice.org || Click || Slap ILMV || 1337 c0d || GotoMyPc For FREE! Part 1, Part 2

    | PHP Session --> Database Handler * Custom Error Handler * Installing PHP * HTML Form Handler * PHP 5 OOP * Using XML * Ajax * Xslt | VB6 Winsock - HTTP POST / GET * Winsock - HTTP File Upload

    Latest quote: crptcblade - VB6 executables can't be decompiled, only disassembled. And the disassembled code is even less useful than I am.

    Random VisualAd: Blog - Latest Post: When the Internet becomes Electricity!!


    Spread happiness and joy. Rate good posts.

  5. #5
    Fanatic Member kregg's Avatar
    Join Date
    Feb 2006
    Location
    UK
    Posts
    524

    Re: Verified By Visa

    So I'm the only one who clicked into this thread thinking it said "Verified by Vista"?
    Last edited by kregg; Sep 17th, 2008 at 02:06 PM.

  6. #6
    I'm about to be a PowerPoster! Hack's Avatar
    Join Date
    Aug 2001
    Location
    Searching for mendhak
    Posts
    58,333

    Re: Verified By Visa

    I think you are the only person walking into this thread period.

    The rest of us clicked in.

  7. #7
    Fanatic Member kregg's Avatar
    Join Date
    Feb 2006
    Location
    UK
    Posts
    524

    Re: Verified By Visa

    Hur, hur, hur, Hack. Hur, hur!

  8. #8
    Frenzied Member MaximilianMayrhofer's Avatar
    Join Date
    Aug 2007
    Location
    IM IN YR LOOP
    Posts
    2,001

    Re: Verified By Visa

    I like to think that I 'surfed' in, myself.

  9. #9
    Hyperactive Member Foxer's Avatar
    Join Date
    Oct 2001
    Location
    Australia
    Posts
    278

    Re: Verified By Visa

    I like to think I slide in on my knees strumming an air-guitar.

    I thought everyone did that.
    Rate my response if I helped

    Go Hard Or Go Home


  10. #10
    Fanatic Member kregg's Avatar
    Join Date
    Feb 2006
    Location
    UK
    Posts
    524

    Re: Verified By Visa

    I Web-2.0'd in.

  11. #11
    Frenzied Member zaza's Avatar
    Join Date
    Apr 2001
    Location
    Borneo Rainforest Habits: Scratching
    Posts
    1,486

    Re: Verified By Visa

    Get a Switch. Or Electron.
    I use VB 6, VB.Net 2003 and Office 2010



    Code:
    Excel Graphing | Excel Timer | Excel Tips and Tricks | Add controls in Office | Data tables in Excel | Gaussian random number distribution (VB6/VBA,VB.Net) | Coordinates, Vectors and 3D volumes

  12. #12

  13. #13
    Ex-Super Mod RobDog888's Avatar
    Join Date
    Apr 2001
    Location
    LA, Calif. Raiders #1 AKA:Gangsta Yoda™
    Posts
    60,710

    Re: Verified By Visa

    Sorry VA but dems da rules. You could always go back to using actual money or writting checks and mailing them

    I work with Visa/Master Card and its really such a huge process; Direct deposite, transfering of funds from one bank to the Fed to another bank etc.

    There are alot more ways to steal your information without VBV. I cant say publically but I know of an incident just last week where someone was arrested for a certain kind of funds theft. Trust me, it doesnt have to be done on the internet. Internal operations can make you just as vulnerable if not more then on the internet.
    VB/Office Guru™ (AKA: Gangsta Yoda®)
    I dont answer coding questions via PM. Please post a thread in the appropriate forum.

    Microsoft MVP 2006-2011
    Office Development FAQ (C#, VB.NET, VB 6, VBA)
    Senior Jedi Software Engineer MCP (VB 6 & .NET), BSEE, CET
    If a post has helped you then Please Rate it!
    Reps & Rating PostsVS.NET on Vista Multiple .NET Framework Versions Office Primary Interop AssembliesVB/Office Guru™ Word SpellChecker™.NETVB/Office Guru™ Word SpellChecker™ VB6VB.NET Attributes Ex.Outlook Global Address ListAPI Viewer utility.NET API Viewer Utility
    System: Intel i7 6850K, Geforce GTX1060, Samsung M.2 1 TB & SATA 500 GB, 32 GBs DDR4 3300 Quad Channel RAM, 2 Viewsonic 24" LCDs, Windows 10, Office 2016, VS 2019, VB6 SP6

  14. #14
    Fanatic Member kregg's Avatar
    Join Date
    Feb 2006
    Location
    UK
    Posts
    524

    Re: Verified By Visa

    I've gone with a similar scheme called Netbanx. I personally don't understand how it can be any more secure, but I have to live with it.

  15. #15
    Ex-Super Mod RobDog888's Avatar
    Join Date
    Apr 2001
    Location
    LA, Calif. Raiders #1 AKA:Gangsta Yoda™
    Posts
    60,710

    Re: Verified By Visa

    Only the data you store with then is secure but they disperse your data to other parties and locations which is not guarentted as secure according to their terms.
    VB/Office Guru™ (AKA: Gangsta Yoda®)
    I dont answer coding questions via PM. Please post a thread in the appropriate forum.

    Microsoft MVP 2006-2011
    Office Development FAQ (C#, VB.NET, VB 6, VBA)
    Senior Jedi Software Engineer MCP (VB 6 & .NET), BSEE, CET
    If a post has helped you then Please Rate it!
    Reps & Rating PostsVS.NET on Vista Multiple .NET Framework Versions Office Primary Interop AssembliesVB/Office Guru™ Word SpellChecker™.NETVB/Office Guru™ Word SpellChecker™ VB6VB.NET Attributes Ex.Outlook Global Address ListAPI Viewer utility.NET API Viewer Utility
    System: Intel i7 6850K, Geforce GTX1060, Samsung M.2 1 TB & SATA 500 GB, 32 GBs DDR4 3300 Quad Channel RAM, 2 Viewsonic 24" LCDs, Windows 10, Office 2016, VS 2019, VB6 SP6

  16. #16
    Fanatic Member kregg's Avatar
    Join Date
    Feb 2006
    Location
    UK
    Posts
    524

    Re: Verified By Visa

    Quote Originally Posted by RobDog888
    Only the data you store with then is secure but they disperse your data to other parties and locations which is not guarentted as secure according to their terms.
    Great. More T&C to read.

  17. #17
    Ex-Super Mod RobDog888's Avatar
    Join Date
    Apr 2001
    Location
    LA, Calif. Raiders #1 AKA:Gangsta Yoda™
    Posts
    60,710

    Re: Verified By Visa

    Well depends upon what "T&C" stands for
    VB/Office Guru™ (AKA: Gangsta Yoda®)
    I dont answer coding questions via PM. Please post a thread in the appropriate forum.

    Microsoft MVP 2006-2011
    Office Development FAQ (C#, VB.NET, VB 6, VBA)
    Senior Jedi Software Engineer MCP (VB 6 & .NET), BSEE, CET
    If a post has helped you then Please Rate it!
    Reps & Rating PostsVS.NET on Vista Multiple .NET Framework Versions Office Primary Interop AssembliesVB/Office Guru™ Word SpellChecker™.NETVB/Office Guru™ Word SpellChecker™ VB6VB.NET Attributes Ex.Outlook Global Address ListAPI Viewer utility.NET API Viewer Utility
    System: Intel i7 6850K, Geforce GTX1060, Samsung M.2 1 TB & SATA 500 GB, 32 GBs DDR4 3300 Quad Channel RAM, 2 Viewsonic 24" LCDs, Windows 10, Office 2016, VS 2019, VB6 SP6

  18. #18
    Fanatic Member kregg's Avatar
    Join Date
    Feb 2006
    Location
    UK
    Posts
    524

    Re: Verified By Visa

    Terms and Conditions. Or as banks usually do nowadays, Turd & Crap.

  19. #19
    Ex-Super Mod RobDog888's Avatar
    Join Date
    Apr 2001
    Location
    LA, Calif. Raiders #1 AKA:Gangsta Yoda™
    Posts
    60,710

    Re: Verified By Visa

    VB/Office Guru™ (AKA: Gangsta Yoda®)
    I dont answer coding questions via PM. Please post a thread in the appropriate forum.

    Microsoft MVP 2006-2011
    Office Development FAQ (C#, VB.NET, VB 6, VBA)
    Senior Jedi Software Engineer MCP (VB 6 & .NET), BSEE, CET
    If a post has helped you then Please Rate it!
    Reps & Rating PostsVS.NET on Vista Multiple .NET Framework Versions Office Primary Interop AssembliesVB/Office Guru™ Word SpellChecker™.NETVB/Office Guru™ Word SpellChecker™ VB6VB.NET Attributes Ex.Outlook Global Address ListAPI Viewer utility.NET API Viewer Utility
    System: Intel i7 6850K, Geforce GTX1060, Samsung M.2 1 TB & SATA 500 GB, 32 GBs DDR4 3300 Quad Channel RAM, 2 Viewsonic 24" LCDs, Windows 10, Office 2016, VS 2019, VB6 SP6

  20. #20
    Fanatic Member kregg's Avatar
    Join Date
    Feb 2006
    Location
    UK
    Posts
    524

    Re: Verified By Visa


  21. #21
    Ex-Super Mod RobDog888's Avatar
    Join Date
    Apr 2001
    Location
    LA, Calif. Raiders #1 AKA:Gangsta Yoda™
    Posts
    60,710

    Re: Verified By Visa

    VB/Office Guru™ (AKA: Gangsta Yoda®)
    I dont answer coding questions via PM. Please post a thread in the appropriate forum.

    Microsoft MVP 2006-2011
    Office Development FAQ (C#, VB.NET, VB 6, VBA)
    Senior Jedi Software Engineer MCP (VB 6 & .NET), BSEE, CET
    If a post has helped you then Please Rate it!
    Reps & Rating PostsVS.NET on Vista Multiple .NET Framework Versions Office Primary Interop AssembliesVB/Office Guru™ Word SpellChecker™.NETVB/Office Guru™ Word SpellChecker™ VB6VB.NET Attributes Ex.Outlook Global Address ListAPI Viewer utility.NET API Viewer Utility
    System: Intel i7 6850K, Geforce GTX1060, Samsung M.2 1 TB & SATA 500 GB, 32 GBs DDR4 3300 Quad Channel RAM, 2 Viewsonic 24" LCDs, Windows 10, Office 2016, VS 2019, VB6 SP6

  22. #22
    Fanatic Member kregg's Avatar
    Join Date
    Feb 2006
    Location
    UK
    Posts
    524

    Re: Verified By Visa


  23. #23
    Ex-Super Mod RobDog888's Avatar
    Join Date
    Apr 2001
    Location
    LA, Calif. Raiders #1 AKA:Gangsta Yoda™
    Posts
    60,710

    Re: Verified By Visa

    Nope nope
    VB/Office Guru™ (AKA: Gangsta Yoda®)
    I dont answer coding questions via PM. Please post a thread in the appropriate forum.

    Microsoft MVP 2006-2011
    Office Development FAQ (C#, VB.NET, VB 6, VBA)
    Senior Jedi Software Engineer MCP (VB 6 & .NET), BSEE, CET
    If a post has helped you then Please Rate it!
    Reps & Rating PostsVS.NET on Vista Multiple .NET Framework Versions Office Primary Interop AssembliesVB/Office Guru™ Word SpellChecker™.NETVB/Office Guru™ Word SpellChecker™ VB6VB.NET Attributes Ex.Outlook Global Address ListAPI Viewer utility.NET API Viewer Utility
    System: Intel i7 6850K, Geforce GTX1060, Samsung M.2 1 TB & SATA 500 GB, 32 GBs DDR4 3300 Quad Channel RAM, 2 Viewsonic 24" LCDs, Windows 10, Office 2016, VS 2019, VB6 SP6

  24. #24
    Hyperactive Member BillGeek's Avatar
    Join Date
    Jun 2006
    Location
    Canada
    Posts
    440

    Re: Verified By Visa

    Quote Originally Posted by kregg
    Terms and Conditions. Or as banks usually do nowadays, Turd & Crap.
    I'll remember that when I have to do my banking again...

  25. #25
    Ex-Super Mod RobDog888's Avatar
    Join Date
    Apr 2001
    Location
    LA, Calif. Raiders #1 AKA:Gangsta Yoda™
    Posts
    60,710

    Re: Verified By Visa

    Dont forget to flush lol.
    VB/Office Guru™ (AKA: Gangsta Yoda®)
    I dont answer coding questions via PM. Please post a thread in the appropriate forum.

    Microsoft MVP 2006-2011
    Office Development FAQ (C#, VB.NET, VB 6, VBA)
    Senior Jedi Software Engineer MCP (VB 6 & .NET), BSEE, CET
    If a post has helped you then Please Rate it!
    Reps & Rating PostsVS.NET on Vista Multiple .NET Framework Versions Office Primary Interop AssembliesVB/Office Guru™ Word SpellChecker™.NETVB/Office Guru™ Word SpellChecker™ VB6VB.NET Attributes Ex.Outlook Global Address ListAPI Viewer utility.NET API Viewer Utility
    System: Intel i7 6850K, Geforce GTX1060, Samsung M.2 1 TB & SATA 500 GB, 32 GBs DDR4 3300 Quad Channel RAM, 2 Viewsonic 24" LCDs, Windows 10, Office 2016, VS 2019, VB6 SP6

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width