-
November 24th, 2004, 02:39 PM
#1
Verified By Visa -- BWAHAHAHAHA...
I have to chuckle. This concept came out of the idea that one would need to verify who the user was that was using the Visa number when doing online purchases. The TV Ad that Visa ran was rather humourous in that a person would attempt to buy something and then stick their head into the monitor. The customer service rep would then yank his head out on the other end and yell to her colleagues "Does anyone know this guy!?!?" to which someone would reply "Yea, he's a friend of my sister's boyfriend's friend".
So Visa introduced Verified by Visa as a method of securing transactions. I have to laugh however at a recent transaction I did. I purchased a train ticket with my Visa card and it asked me for my "Verified by Visa" password. I panicked. I don't remember getting or setting one. Oh look. A "Forgot your Password?" option. I click on it. It asks me for the 3 extra digits, my birthday (month/year), how my name is spelled on the card and it's expiry date -- all information that actually can be easily tracked down. When Visa came and did a lecture at my college earlier this year, they were quite hyped up about the whole VbV process. (They also seemed hyped up about creating a card that would hold EVERYTHING -- driver's license, passport, credit card info, etc. -- using smart card technology).
Anyways, I ended up creating my password after putting that simple information in. It strikes me that the verification isn't that... well... verifiable. I remember asking Visa as to what information was necessary for it and they said it was birth month/year. They didn't use things like Mother's maiden name, etc since it was commonly found (like this isn't?!)
Sigh.
I do wish they would look into how user's operate and generate security around that. The idea that the user should know better isn't working any more. The user doesn't know better. The user is clueless.
Security should be built around that.
-
November 24th, 2004, 02:42 PM
#2
And so is Visa's marketing it seems....They probabaly created the "Verified by Visa" slogan....
Oliver's Law:
Experience is something you don't get until just after you need it.
-
November 24th, 2004, 02:57 PM
#3
Perhaps they mean that the password you enter is "Verified by Visa." After all, as we all know, it's much easier to match a password than having to go to all that extra trouble to verify the user's actual identitiy....
-
November 24th, 2004, 03:02 PM
#4
Yes but if the process to get the password isn't one that is truly secure (that is, I only needed very common and basic information) then verifying the password seems rather silly.
-
November 24th, 2004, 03:57 PM
#5
I apologize, I should have included my <sarcasm> tag.
-
November 24th, 2004, 04:02 PM
#6
Do you remember the national ID card idea in the U.S.? Guess what framework they were gonna use.
I can see it now...
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
November 24th, 2004, 06:36 PM
#7
While the system is incredibly stupid, it can stop alot more fraud than you might think. It 'raises the bar' so to speak...at least in my experience.
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
-
November 24th, 2004, 07:04 PM
#8
So MsMittens, have you had a bunch of AO pm's asking you when your birthday is? I will send you a cake, pending that its paid for by your visa ;-p
kr5kernel
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
-
November 24th, 2004, 07:37 PM
#9
The problem with security is if they make something like recovering a password too hard then they have to deal with all the idiots that can’t remember secret questions/their own information/etc. But if they make it too easy then people with actual intelligence complain that it’s not secure. Unfortunately there are far more stupid people in this world then smart, and because of this large companies accommodate them.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|