Verified by visa
Oct. 28th, 2012 12:37 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
jackAAAAAAAAAAAAAUGH!
How can the banking industry know less about security than me?
A while ago, "Verified by Visa" became compulsory when buying things online. In order to buy anything, you have to know your verified by visa password.
Except, SURPRISE! You don't have to. You can either know your verified by visa password "passcode", OR know your card details, postcode and date of birth.
Seriously, that's strictly less secure than asking for card details, postcode, and date of birth only. I don't think I could devise a system less secure than that if I tried. For instance, it still provides absolutely zero protection against someone you know "borrowing" your credit card: shouldn't that be something passwords protect against?
I mean, I understand -- they don't want to be inundated with phone calls from people saying "I tried to buy something and I couldn't, what's wrong". But after all the brouhaha about verified by visa I thought maybe you needed to speak to someone in person, or at least need the right dongle to reset it. But no, I was insufficiently cynical. Again.
There's probably some other good reason I should know about but don't? I hope?
I do not think that if people were asked to predict my major flaw they would guess "insufficiently cynical about human stupidity". But apparently, I am. Can I rebrand it as "optimism" or "faith in mankind"..? :)
How can the banking industry know less about security than me?
A while ago, "Verified by Visa" became compulsory when buying things online. In order to buy anything, you have to know your verified by visa password.
Except, SURPRISE! You don't have to. You can either know your verified by visa password "passcode", OR know your card details, postcode and date of birth.
Seriously, that's strictly less secure than asking for card details, postcode, and date of birth only. I don't think I could devise a system less secure than that if I tried. For instance, it still provides absolutely zero protection against someone you know "borrowing" your credit card: shouldn't that be something passwords protect against?
I mean, I understand -- they don't want to be inundated with phone calls from people saying "I tried to buy something and I couldn't, what's wrong". But after all the brouhaha about verified by visa I thought maybe you needed to speak to someone in person, or at least need the right dongle to reset it. But no, I was insufficiently cynical. Again.
There's probably some other good reason I should know about but don't? I hope?
I do not think that if people were asked to predict my major flaw they would guess "insufficiently cynical about human stupidity". But apparently, I am. Can I rebrand it as "optimism" or "faith in mankind"..? :)
no subject
Date: 2012-10-29 09:43 am (UTC)Shouldn't verifying who I am involve something more inherently secure? I mean, ask me a question about something that isn't the subject of a yearly party. Ask when I got divorced. WHY I got divorced. Ask what awful thing I called a certain ex once. Ask me about something I'm ashamed of. That seems much more secure than birthday, zip code, and my mother's name!