Friday, 20 June 2008

Verified by Visa, Barclays style: zero additional security!

How secure is the additional protection provided by Barclays Bank's Verified by Visa system? Here's what I have to do if I've forgotten my VbV passphrase, which is needed to use my card to shop on-line:

Step one:

Step Two:

Step Three:

All done:

So the answer is: not very much at all. The only thing someone who has my card needs to find out is my date of birth, and with that they can then use my card for online purchases that are protected by Verified by Visa. They even get told my VbV username (blurred out in the image above), which allows them to log into my VbV account and see all my transaction history. Not good.

I particularly like the bit where it says "Your password will be used on all future purchases at participating online stores". What it really means is "You can forget your password, as you only need your card and your date of birth to set a new one", and this is, in fact, what I always do.

No comments: