Verified by Visa
From Wikipedia, the free encyclopedia
Verified by Visa is a system used by Visa as an added layer of security for online credit card transactions. A similar system is used by MasterCard under the name SecureCode.
"Verified by Visa" and "SecureCode" both are being introduced in conjunction with EMV as a means of shifting responsibility for fraud away from the credit card companies and also introducing more secure transactions, where the party not implementing the technology in question is held responsible for money lost due to fraud.
A transaction using Verified by Visa/SecureCode will initiate a redirect to the website of the card issuing bank to authorize the transaction either using private personal details kept by the bank, a user-chosen password, or, more securely, a one-time password. The Verified by Visa protocol recommends the bank's verification page to load in an inline frame session. In this way, the bank's systems can be held responsible for most security breaches.
[edit] Security Concerns
The "Verified by Visa" system has drawn some criticism,[1] since it is hard for users to differentiate between the legitimate Verified by Visa pop-up window and a fraudulent phishing site. This is because the pop-up window is served from a domain which is:
- Not the site where the user is shopping.
- Not the card issuing bank
- Not visa.com
Indeed, the Verified by Visa system has become the target of some phishing scams[2]. However the use of the inline frame window has reduced user confusion.
The system also provides a "forgot your password" link so the user can reset their password in real time if forgotten.
