Guest 640- Registered: 21 Apr 2007
- Posts: 7,819
I wish to share with the local web-using community an article that is currently published on the Absolute Graphix website regarding an issue that affects pretty much all web users. It isn't just another "virus warning" (we seem to get hundreds of them), but rather this is a critical issue caused by, of all people, the credit card companies themselves. I feel somewhat qualified in offering this article because Absolute Graphix offers both online retail development as well as online sales via our own website, so we see it from both ends of the spectrum. It is my hope that this information will offer some genuine help to online shoppers and (if this is possible) I would welcome local views on the matter.
Lately many online retailers have been signing up to the new Verified by Visa system, which prompts buyers to enter their credit card details into a small pop-up box in order to gain a new password which "protects" them from online fraud. According to the official website at visaeurope.com, "Verified by Visa is a simple password-protected identity-checking service that takes the risk out of online retail, for you [the retailer] and for your customers".
There has been a huge backlash on the web against this new system by countless thousands of online shoppers and bloggers, and Absolute Graphix is joining their ranks. We believe that this new service is utterly atrocious in its execution. Just look at the facts:
FACT 1: Publicity and awareness of this new process has been extremely poor - online shoppers have been constantly surprised and confused by the sudden arrival of this new window in their purchase process.
FACT 2: We've been constantly told never to enter our sensitive credit card data into pop up windows and dubious forms and then all of a sudden the credit card companies want us to do exactly that! Are they mad?
FACT 3: The web forms which control this process are ridiculously easy to fake - we recreated a fully convincing one in just 10 minutes (don't worry, we never published it online anywhere, we just did it to prove a point).
FACT 4: As an online shopper you have absolutely no way of knowing if the VbyV form you are completing is real or fake. There are no checks you can make.
FACT 5: Visa claim the process is voluntary but you just try bypassing it when you try to make a purchase!
FACT 6: If a credit card is stolen before it is registered with VbyV then the new illegal owner can literally lock the rightful owner out of their own card by registering it!
At the moment it is up to individual retailers whether they wish to sign up to the scheme, but Absolute Graphix sees it as more of a threat than a benefit to shoppers. In fact it is our considered opinion that the whole ragtag idea exists merely to shift all risk and responsibility from the credit card company onto the user. In November 2007 Channel 4 News reported serious flaws in the system which would allow an experienced identity thief to overcome some of the security checks, and in June 2008 the online business resource IT-PRO reported other very serious defects in the system that expert cyber criminals could take advantage of.
Absolute Graphix won't be signing up to this scheme until it is either vastly improved or it becomes law (besides which we use PayPal which provides plenty of excellent security tools to online shoppers).
We at Absolute Graphix buy stuff online too. Just like you, we're keen shoppers. But the VbyV system has spoiled a lot of online retail websites for us - we simply will not sign-up to this awful system until it is executed properly and not simply stuck in a frame within a retailer's web page. The sad thing is that many retailers are losing sales because of it. And the even sadder thing is that it looks to get worse as more banks force us to sign up to it.
I'm sure in the fullness of time the whole system will improve and start working like a proper security process with a web of trust behind it, but for the time being at least, it flies in the face of all we've been taught to do as safe online shoppers and is profoundly flawed.
Please don't just take our word for it, Google it and do your own research. You owe it to yourself to understand the issues surrounding VbyV, plenty of online shoppers, bloggers, forums and IT professionals have published their views and statements online. If you shop online regularly then you will likely come across the VbyV system - some of you will be put-off by it, others will blindly obey its instructions. But whatever you do please make informed choices and keep your peace-of-mind in tact!
Rick Jones
Absolute Graphix
Dover
absolutegraphix.co.uk
Guest 640- Registered: 21 Apr 2007
- Posts: 7,819
Many thanks to Rick for the new feature keeping us informed. I myself am an internet shopper...buy cameras and stuff that way. So far I havent had any mishaps of any kind but as yet I havent come across this new system. The amount of fake stuff is rather frightening though...you see so much of it. Even if you get an email from Microsoft themselevs telling you that you need to do a or b you just cant trust it anymore....now with this new form as highlighted by Rick even more confusion reigns.
Brian Dixon
- Location: Dover
- Registered: 23 Sep 2008
- Posts: 23,940
thanks for the info paul/rick.
Guest 671- Registered: 4 May 2008
- Posts: 2,095
PaulB,
No, online, or any card purchase's are totally safe and never will be. No virus detectors are foolproof either, the easy way to explain that is "the best goalkeeper in the world, will still let in a goal or two now and then"
VbyV is not new, it has been around for a while now, it does not ask for all of your password, its asks for 2/3 digits of your password, if your pc is infected with Spyware, Trojan's, Adware etc, then it is possible that, given time, hackers could gain your whole password, obviously the more frequently used, the quicker they can obtain full password.
I have been using VbyV for about a year now. i do try to avoid it, but a good security practise, which I use, is to change your crucial passwords periodically. PayPal, which I have been recommending for a long time now, is also not foolproof, a close friend of mine lost over £900.00 last month in two transactions, one a purchase in euro's the other in dollars and he ended up out of pocket because of exchange rates. Having said that, I still believe internet banking is as safe as any other purchase method.
If you keep your PC clean, invest in good virus, spyware & adware protection, that's 3 separate programs, update them regularly, 2/3 times a week, change passwords occasionally, you will give yourself a fighting chance of not becoming a victim. Of course even taking those precautions won't make you failsafe.
I use AVG Free, Spybotsd160, Lavasoft Ad-Ware
"My New Year's Resolution, is to try and emulate Marek's level of chilled out, thoughtfulness and humour towards other forumites and not lose my decorum"
howard mcsweeney1- Location: Dover
- Registered: 12 Mar 2008
- Posts: 62,352
i got confronted by that security question,just logged off..
also had e mails from "my bank" telling me that they would close my account if i did not download an attachment from them.
the internet is a haven for crooks, as soon as one foolproof system comes in, then someone will find a way around it.
i do not use credit cards anymore and only use debit cards to withdraw cash, if i can help it.
Guest 640- Registered: 21 Apr 2007
- Posts: 7,819
Gosh Gary I wouldnt be happy about losing £900 in two transactions, its just not acceptable at all, even with fluctuating exchange rates that level of loss shouldnt be happening. Lots of good info in your post there so thanks for all that. Rick is joining up so no doubt he will be able to add more to the debate.
Guest 671- Registered: 4 May 2008
- Posts: 2,095
The PayPal incident is very worrying, his details must have been hijacked but why PayPal allowed these two large transactions to take place, to address's outside his own country, without checks, is something I keep telling people wont happen with PayPal. I am not that confident now, i will keep close watch.
"My New Year's Resolution, is to try and emulate Marek's level of chilled out, thoughtfulness and humour towards other forumites and not lose my decorum"
The Verified by Visa system is legit and safe, my point is the very poor execution. Banks and credit card companies are basically asking us to use a bloody pop-up window to verify our details. I ask ya!
It's stupidity born out of a desire to provide a new layer of so-called security on the cheap.