Vilified by Visa

Monday 1st February, 2010

Following on from a previous post about how the Verified By Visa and Mastercard SecureCode are training users to give up their identity to anyone who asks for it, apparently some lovely boffins at Cambridge have written a paper on it. (via)

Unverified by Visa

Tuesday 31st March, 2009

Ben Laurie has a very clear-headed post on security dangers exacerbated by Visa’s VbV programme (the same criticisms seem to apply to similar efforts by other vendors).

The short version is that these mechanisms train consumers to provide their private account data to anyone claiming to be the card issuer. The problem is that there’s no way for the user to know that the data is being transmitted to the vendor rather than an imposter.

It makes you wonder what requirements were given to the people that designed the process. From my experience these verification processes cause a not insignificant drop-off in the success rate of payment processes, ie. fewer sales.  With that (and the security problem) in mind it’s a fair bet that this particular family of  verification mechanisms won’t last that long.