Verified By Visa -- BWAHAHAHAHA...

[MrLinus]

I have to chuckle. This concept came out of the idea that one would need to verify who the user was that was using the Visa number when doing online purchases. The TV Ad that Visa ran was rather humourous in that a person would attempt to buy something and then stick their head into the monitor. The customer service rep would then yank his head out on the other end and yell to her colleagues "Does anyone know this guy!?!?" to which someone would reply "Yea, he's a friend of my sister's boyfriend's friend".

So Visa introduced Verified by Visa as a method of securing transactions. I have to laugh however at a recent transaction I did. I purchased a train ticket with my Visa card and it asked me for my "Verified by Visa" password. I panicked. I don't remember getting or setting one. Oh look. A "Forgot your Password?" option. I click on it. It asks me for the 3 extra digits, my birthday (month/year), how my name is spelled on the card and it's expiry date -- all information that actually can be easily tracked down. When Visa came and did a lecture at my college earlier this year, they were quite hyped up about the whole VbV process. (They also seemed hyped up about creating a card that would hold EVERYTHING -- driver's license, passport, credit card info, etc. -- using smart card technology).

Anyways, I ended up creating my password after putting that simple information in. It strikes me that the verification isn't that... well... verifiable. I remember asking Visa as to what information was necessary for it and they said it was birth month/year. They didn't use things like Mother's maiden name, etc since it was commonly found (like this isn't?!)

Sigh.

I do wish they would look into how user's operate and generate security around that. The idea that the user should know better isn't working any more. The user doesn't know better. The user is clueless.

Security should be built around that.

[SirDice]

The user is clueless.

And so is Visa's marketing it seems....They probabaly created the "Verified by Visa" slogan....

[Timmy77]

Perhaps they mean that the password you enter is "Verified by Visa." After all, as we all know, it's much easier to match a password than having to go to all that extra trouble to verify the user's actual identitiy....

[MrLinus]

Yes but if the process to get the password isn't one that is truly secure (that is, I only needed very common and basic information) then verifying the password seems rather silly.

[Timmy77]

I apologize, I should have included my <sarcasm> tag.

[thehorse13]

Do you remember the national ID card idea in the U.S.? Guess what framework they were gonna use.

I can see it now...

[Juridian]

While the system is incredibly stupid, it can stop alot more fraud than you might think. It 'raises the bar' so to speak...at least in my experience.

[kr5kernel]

So MsMittens, have you had a bunch of AO pm's asking you when your birthday is? I will send you a cake, pending that its paid for by your visa ;-p

[XTC46]

The problem with security is if they make something like recovering a password too hard then they have to deal with all the idiots that can’t remember secret questions/their own information/etc. But if they make it too easy then people with actual intelligence complain that it’s not secure. Unfortunately there are far more stupid people in this world then smart, and because of this large companies accommodate them.