VBV (or 3D secure as it is called today) is part of a move by the credit card companies and the banks to push the risk to the most vulnerable party, the consumer.
The idea is that this absolutely crack proof scheme requires you to authenticate yourself to your bank in a fairly complex three way handshake.
In the old (read pre-VBV) days the card companies and issuing banks would saddle the merchants with any charges that were disputed using the chargeback mechanmism.
Verified-by-Visa removes this safeguard by adding an additional layer of authentication which supposedly has the same strength as you being on-premise and signing on the dotted line to authorize your purchase. This will effectively remove a lot of the excuses that you might have had such as 'it wasn't me', 'I wasn't there' and 'I never meant to buy this', which were the most common excuses consumers would come up with after using a service for anywhere up to 6 months and then yanking back all 6 months worth of payments and saddling the merchants with the loss of income, pay-outs to affiliates already made and additional charge-back fees on top of that.
So even if the goal was a fairly noble one it looks as though the whole idea is predicated on one tiny little detail, which is that VBV is supposedly hack-proof, but in fact this is highly dependent on both your bank and the security of their implementation. Neither of those are as ironclad as they should be to remove all doubt.
But of course the banks/card companies are not willing to end up holding the bag if there is trouble so it falls to the consumer to prove that they really were not involved in the transaction and that is very hard.
On the positive side in this whole debate: Even if a consumer is defrauded there is always someone who benefits and following the money usually leads to the perp. That's why it is hard to order stuff online with credit cards that were not issued in the country that the person using them is from, that's why it is hard to spend your money on three different continents with the same credit card within a single day and so on.
Lots and lots of money goes in to early warning fraud detection (before the fraud happens) and this nips a very large percentage of potential fraud in the bud.
Something very strange I noticed with Verified by Visa and with Mastercard Secure Code is that both sometimes forget that you have already enrolled and make you re-enroll (i.e., answer their weak "security questions", like date of birth, and then choose a password).
It happened once with Verified by Visa and twice with Mastercard Secure Code so far. (No, my card numbers had not changed.)
These systems can't be trusted to even reliably remember my previous password.
The idea is that this absolutely crack proof scheme requires you to authenticate yourself to your bank in a fairly complex three way handshake.
In the old (read pre-VBV) days the card companies and issuing banks would saddle the merchants with any charges that were disputed using the chargeback mechanmism.
Verified-by-Visa removes this safeguard by adding an additional layer of authentication which supposedly has the same strength as you being on-premise and signing on the dotted line to authorize your purchase. This will effectively remove a lot of the excuses that you might have had such as 'it wasn't me', 'I wasn't there' and 'I never meant to buy this', which were the most common excuses consumers would come up with after using a service for anywhere up to 6 months and then yanking back all 6 months worth of payments and saddling the merchants with the loss of income, pay-outs to affiliates already made and additional charge-back fees on top of that.
So even if the goal was a fairly noble one it looks as though the whole idea is predicated on one tiny little detail, which is that VBV is supposedly hack-proof, but in fact this is highly dependent on both your bank and the security of their implementation. Neither of those are as ironclad as they should be to remove all doubt.
But of course the banks/card companies are not willing to end up holding the bag if there is trouble so it falls to the consumer to prove that they really were not involved in the transaction and that is very hard.
On the positive side in this whole debate: Even if a consumer is defrauded there is always someone who benefits and following the money usually leads to the perp. That's why it is hard to order stuff online with credit cards that were not issued in the country that the person using them is from, that's why it is hard to spend your money on three different continents with the same credit card within a single day and so on.
Lots and lots of money goes in to early warning fraud detection (before the fraud happens) and this nips a very large percentage of potential fraud in the bud.