Trevor Stone's Journal
Those who can, do. The rest hyperlink.
Dear Visa (A Letter From the Land of Security WTF) 
17th-Dec-2007 11:14 pm
This is a rambling description of my attempts at purchasing items online. It could probably be tightened up a bit for humorous effect, but my main interest was in documenting frustration so that I can refer back to it if some random charges appear on my card tomorrow. If nothing else, it serves as a reminder that nothing is quite as simple as handing some paper currency to a person and walking away with a bag of stuff.

Dear Visa,

You are, in many ways, in the businesses of electronic financial security and customer convenience. The following, therefore, should not happen:

  1. I select my online purchase and enter my credit card information and shipping address.
  2. I look away and look back to see a mostly-white window with a "Verified By Visa" logo and my credit union's logo and (as I recall) some text indicating that JavaScript wasn't enabled.
  3. I enable verifiedbyvisa.com and mycardsecure.com (IIRC) via NoScript.
  4. The page asks me to enter my security code, and the last four digits of my SSN and phone number.
  5. I submit such information.
  6. I am asked to create and verify a password.
  7. The next page shows the Verified By Visa logo and the logo of my credit union. And a message that a popup was blocked. And nothing else.
  8. I allow the popup window.
  9. The main Firefox window is no longer active, but no popup window is visible.
  10. I activate exposé and see the popup window and select it.
  11. I still can't see the popup window. I select Zoom from the Window menu and it sizes itself.
  12. The popup window has a submit button informing me that I should update my profile.
  13. Clicking the submit button does nothing.
  14. Back to the main window, there's still nothing but two logos.
  15. I turn on Firebug and start inspecting JavaScript functions and the DOM.
  16. I figure out which function was supposed to be run when the page loads and execute it through the console.
  17. I am redirected to an IIS error page at verifiedbyvisa.com.
  18. I try the main page of verifiedbyvisa.com and receive another error page.
  19. I wonder what kind of credit card company doesn't maintain the home page for their security service.
  20. Um... have I made a purchase? Or am I in post-purchase/pre-receipt transaction limbo?
  21. I check my bank balance. My current and available balances are within two dollars, so the site hasn't charged me yet.
  22. I WHOIS verifiedbyvisa.com. Looks legit. I google verifiedbyvisa. The first page is on visa.com and has the same logo I saw before. It links to FAQs, "Solutions," places to shop, and more. Clicking on any of them leads to an error, though. What kind of credit card company has dead links all over their security system section?
  23. I return to the site and add my item again. Now it thinks I want two. Yay! Reduce quantity.
  24. I hit check out. Again.
  25. I enter my billing and shipping information again. Note that the credit card number and security code fields are not of type Password, so Firefox suggests them.
  26. I get redirected to a verifiedbyvisa page again.
  27. I note it has a "Personal Message" which reminds me that I came up with a different password for this service a few years ago when buying tickets for a concert.
  28. Based on the message, I try two variations on a password. It asks me for the card's security code, expiration date, and the last four of my SSN and phone number. Then it asks me for a new password.
  29. I enter what I thought my password was before and jot down a super secret note which has enough information for me to guess the password again.
  30. I am redirected to my original site of purchase.
  31. I print a copy of my receipt.

Internet Explorer is still used by over half of web users, but I think Firefox is around a quarter. NoScript is one of the most popular plugins for Firefox. Other browsers let you turn off JavaScript as well, just not as flexibly. Many users concerned about security browse with JavaScript turned off. It would behoove a credit card company to design their secure payment system in such a way that security-minded users don't have to disable enhanced security in order to make online purchases. This game is 12 years old. You'd think somebody would have figured it out.
18th-Dec-2007 08:43 am (UTC)
I am pretty sure I would have shut my laptop and stalked off in a huff about step 9!
19th-Dec-2007 11:41 am (UTC)
Why should they worry about it? They're confident you will find a way around the problem and spend your money anyway.

Rather like the Phone company: "Visa. We don't care. We don't have to."
21st-Dec-2007 03:21 pm (UTC)
Allison just went through this verified by visa crap this morning with the end result being a popup that did not work and closing the laptop to deal with it later.
22nd-Dec-2007 01:13 am (UTC)
Indeed, I had to get to work.

I may or may not have ordered some workout swimsuits.
24th-Jan-2008 06:41 pm (UTC) - Grrrr vBv
Sounds almost similar to my game. I registered a credit card with vBv ages ago, only used it to purchase a couple of things, because most of the places I buy from don't use it. So I have to write the password down... Oh, forgot, not supposed to do that.

After a while, it didn't like my password, told me I needed a mixture of letters and numbers. So, enter new password. Nope, that won't do, not long enough. So I try a new, longer one, rejected, no reason given. So I try letters, numbers, and different cases. Aha! Success, verified.

Until a few days ago. I suspect that because my post code has changed (not my address, I've lived here for 20 years), vBv kept disputing the purchase I was trying to make. It doesn't tell you what information it thinks is incorrect, you have to guess that. I went back a number of times trying every combination of my address I could think of, until vBv finally didn't just decline, it blocked the card.

I simply cannot get anyone at vBv to undo this. I might as well cut up the card and get a new one. I've complained to the vendor - he is losing perfectly good sales because of this. My bank are totally useless, they pass me to their internet services, who pass me to vBv, who never answer the phone, and if they do, refer me back to my bank.

To me, it looks so amateurish, it looks like a phishing attempt. It's garbage.
