Verified By Visa -- BWAHAHAHAHA...
Results 1 to 9 of 9

Thread: Verified By Visa -- BWAHAHAHAHA...

  1. #1
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324

    Verified By Visa -- BWAHAHAHAHA...

    I have to chuckle. This concept came out of the idea that one would need to verify who the user was that was using the Visa number when doing online purchases. The TV Ad that Visa ran was rather humourous in that a person would attempt to buy something and then stick their head into the monitor. The customer service rep would then yank his head out on the other end and yell to her colleagues "Does anyone know this guy!?!?" to which someone would reply "Yea, he's a friend of my sister's boyfriend's friend".

    So Visa introduced Verified by Visa as a method of securing transactions. I have to laugh however at a recent transaction I did. I purchased a train ticket with my Visa card and it asked me for my "Verified by Visa" password. I panicked. I don't remember getting or setting one. Oh look. A "Forgot your Password?" option. I click on it. It asks me for the 3 extra digits, my birthday (month/year), how my name is spelled on the card and it's expiry date -- all information that actually can be easily tracked down. When Visa came and did a lecture at my college earlier this year, they were quite hyped up about the whole VbV process. (They also seemed hyped up about creating a card that would hold EVERYTHING -- driver's license, passport, credit card info, etc. -- using smart card technology).

    Anyways, I ended up creating my password after putting that simple information in. It strikes me that the verification isn't that... well... verifiable. I remember asking Visa as to what information was necessary for it and they said it was birth month/year. They didn't use things like Mother's maiden name, etc since it was commonly found (like this isn't?!)

    Sigh.

    I do wish they would look into how user's operate and generate security around that. The idea that the user should know better isn't working any more. The user doesn't know better. The user is clueless.

    Security should be built around that.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    The user is clueless.
    And so is Visa's marketing it seems....They probabaly created the "Verified by Visa" slogan....
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Member
    Join Date
    Dec 2003
    Posts
    97
    Perhaps they mean that the password you enter is "Verified by Visa." After all, as we all know, it's much easier to match a password than having to go to all that extra trouble to verify the user's actual identitiy....

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Yes but if the process to get the password isn't one that is truly secure (that is, I only needed very common and basic information) then verifying the password seems rather silly.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #5
    Member
    Join Date
    Dec 2003
    Posts
    97
    I apologize, I should have included my <sarcasm> tag.

  6. #6
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    Do you remember the national ID card idea in the U.S.? Guess what framework they were gonna use.

    I can see it now...
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  7. #7
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    While the system is incredibly stupid, it can stop alot more fraud than you might think. It 'raises the bar' so to speak...at least in my experience.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  8. #8
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    So MsMittens, have you had a bunch of AO pm's asking you when your birthday is? I will send you a cake, pending that its paid for by your visa ;-p
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  9. #9
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    The problem with security is if they make something like recovering a password too hard then they have to deal with all the idiots that canít remember secret questions/their own information/etc. But if they make it too easy then people with actual intelligence complain that itís not secure. Unfortunately there are far more stupid people in this world then smart, and because of this large companies accommodate them.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •