Net shoppers bullied into being Verified by Visa

When voluntary means mandatory


The Verified by Visa system may be marketed as an optional opt-in system for internet shoppers, but some banks are forcing users to enrol after only three attempts to avoid it.

The unpleasant experiences of Verified by Visa refusenik and Reg reader Steve are likely to be faced by other cardholders, according to Andrew Goodwill, a director at card fraud prevention specialists The 3rd Man. The little-publicised mandatory use of Verified by Visa is down to how some banks apply the system, he explained.

A spokesman for UK banking association APACS confirmed that more banks are making the scheme (and MasterCard's equivalent SecureCode service) mandatory.

"Most card issuers offer it. Some are making it mandatory but we don't keep a tally on what the banks are doing. This is a competitive offering so different banks are doing different things," he explained.

Visa is yet to respond to our requests for information on what percentage of banks insist the cardholders sign-up and use Verified by Visa, or its guidance on the best way to explain the rollout of the scheme to merchants and cardholders.

Roll up, sign on

Both Verified by Visa (VbyV) and MasterCard's SecureCode services are designed to add an extra layer of security to credit or debit card purchases, and work using 3D Secure protocol checks. Each is designed to reduce the likelihood of fraudulent transactions while transferring the liability for bogus transactions from merchants who run purchases through the system back towards banks and other card issuers.

When shoppers make purchases online with participating retailers they are typically taken to a website run by the card-issuing bank, where they are asked to submit a VbyV or SecureCode password to proceed with the purchase. The password is set up when cardholders enroll in the programme, a process that requires knowledge of the personal details of cardholders (in the US this might be the last four digits of a social security number, for example).

An APACS spokesman summarised the desired benefits of the scheme: "For cardholders both Verified by Visa and MasterCard SecureCode make cards safer by making card not present fraud harder. Even people who don't use their cards for e-commerce transactions should sign up. [That way] even if a criminal only gets a hold of the basic card details he won't be able to use it fraudulently online.

"For e-commerce retailers the scheme guarantees they are dealing with a genuine customer. If the retailer has Verified by visa then the liability shifts back to the bank, avoiding charge-backs for fraudulent transactions."

But while these are laudable aims there are practical problems.

For example, potential confusion can arise because e-commerce users are in many cases taken to an unfamiliar website run by the card-issuing bank. The Verified by Visa guidelines suggest the bank's verification page is loaded in an inline frame session rather than a pop-up but that approach can make it difficult to confirm the frame is tied to a valid digital certificate.

Steve made a conscious decision not to opt in to the Verified by Visa system because he's not convinced of its benefits to cardholders. Recently this decision has made it more and more difficult for him to buy goods or services online.

"In the last month I have made more than half a dozen attempted online purchases," he said. "All of which have ended with the retailer's page presenting me with a 'Verified by Visa' enrolment page. Since there is no 'no thank you' button, only an 'Activate now!', I am forced to either enrol or close my browser, and I choose to do the latter.

"In each case my card provider has stopped my card. Apparently declining their invitation to enrol is a sign of fraudulent activity. I look like a fraudster who has been scared off by VbyV instead of like a customer who chooses not to enrol."


Other stories you might like

  • China’s COVID lockdowns bite e-commerce players
    CEO of e-tail market leader JD perhaps boldly points out wider economic impact of zero-virus stance

    The CEO of China’s top e-commerce company, JD, has pointed out the economic impact of China’s current COVID-19 lockdowns - and the news is not good.

    Speaking on the company’s Q1 2022 earnings call, JD Retail CEO Lei Xu said that the first two years of the COVID-19 pandemic had brought positive effects for many Chinese e-tailers as buyer behaviour shifted to online purchases.

    But Lei said the current lengthy and strict lockdowns in Shanghai and Beijing, plus shorter restrictions in other large cities, have started to bite all online businesses as well as their real-world counterparts.

    Continue reading
  • Foxconn forms JV to build chip fab in Malaysia
    Can't say when, where, nor price tag. Has promised 40k wafers a month at between 28nm and 40nm

    Taiwanese contract manufacturer to the stars Foxconn is to build a chip fabrication plant in Malaysia.

    The planned factory will emit 12-inch wafers, with process nodes ranging from 28 to 40nm, and will have a capacity of 40,000 wafers a month. By way of comparison, semiconductor-centric analyst house IC Insights rates global wafer capacity at 21 million a month, and Taiwanese TSMC’s four “gigafabs” can each crank out 250,000 wafers a month.

    In terms of production volume and technology, this Malaysian facility will not therefore catapult Foxconn into the ranks of leading chipmakers.

    Continue reading
  • NASA's InSight doomed as Mars dust coats solar panels
    The little lander that couldn't (any longer)

    The Martian InSight lander will no longer be able to function within months as dust continues to pile up on its solar panels, starving it of energy, NASA reported on Tuesday.

    Launched from Earth in 2018, the six-metre-wide machine's mission was sent to study the Red Planet below its surface. InSight is armed with a range of instruments, including a robotic arm, seismometer, and a soil temperature sensor. Astronomers figured the data would help them understand how the rocky cores of planets in the Solar System formed and evolved over time.

    "InSight has transformed our understanding of the interiors of rocky planets and set the stage for future missions," Lori Glaze, director of NASA's Planetary Science Division, said in a statement. "We can apply what we've learned about Mars' inner structure to Earth, the Moon, Venus, and even rocky planets in other solar systems."

    Continue reading
  • The ‘substantial contributions’ Intel has promised to boost RISC-V adoption
    With the benefit of maybe revitalizing the x86 giant’s foundry business

    Analysis Here's something that would have seemed outlandish only a few years ago: to help fuel Intel's future growth, the x86 giant has vowed to do what it can to make the open-source RISC-V ISA worthy of widespread adoption.

    In a presentation, an Intel representative shared some details of how the chipmaker plans to contribute to RISC-V as part of its bet that the instruction set architecture will fuel growth for its revitalized contract chip manufacturing business.

    While Intel invested in RISC-V chip designer SiFive in 2018, the semiconductor titan's intentions with RISC-V evolved last year when it revealed that the contract manufacturing business key to its comeback, Intel Foundry Services, would be willing to make chips compatible with x86, Arm, and RISC-V ISAs. The chipmaker then announced in February it joined RISC-V International, the ISA's governing body, and launched a $1 billion innovation fund that will support chip designers, including those making RISC-V components.

    Continue reading
  • FBI warns of North Korean cyberspies posing as foreign IT workers
    Looking for tech talent? Kim Jong-un's friendly freelancers, at your service

    Pay close attention to that resume before offering that work contract.

    The FBI, in a joint advisory with the US government Departments of State and Treasury, has warned that North Korea's cyberspies are posing as non-North-Korean IT workers to bag Western jobs to advance Kim Jong-un's nefarious pursuits.

    In guidance [PDF] issued this week, the Feds warned that these techies often use fake IDs and other documents to pose as non-North-Korean nationals to gain freelance employment in North America, Europe, and east Asia. Additionally, North Korean IT workers may accept foreign contracts and then outsource those projects to non-North-Korean folks.

    Continue reading
  • Elon Musk says Twitter buy 'cannot move forward' until spam stats spat settled
    A stunning surprise to no one in this Solar System

    Elon Musk said his bid to acquire and privatize Twitter "cannot move forward" until the social network proves its claim that fake bot accounts make up less than five per cent of all users.

    The world's richest meme lord formally launched efforts to take over Twitter last month after buying a 9.2 per cent stake in the biz. He declined an offer to join the board of directors, only to return asking if he could buy the social media platform outright at $54.20 per share. Twitter's board resisted Musk's plans at first, installing a "poison pill" to hamper a hostile takeover before accepting the deal, worth over $44 billion.

    But then it appears Musk spotted something in Twitter's latest filing to America's financial watchdog, the SEC. The paperwork asserted that "fewer than five percent" of Twitter's monetizable daily active users (mDAUs) in the first quarter of 2022 were fake or spammer accounts, which Musk objected to: he felt that figure should be a lot higher. He had earlier proclaimed that ridding Twitter of spam bots was a priority for him, post-takeover.

    Continue reading

Biting the hand that feeds IT © 1998–2022