Blog article
See all stories ยป

An article relating to this blog post on Finextra:

Visa introduces SMS one-time passwords for online shopping

Visa has partnered with banks in China and Taiwan to introduce an SMS-based one-time password system for cardholders to authenticate themselves when making online purchases.

See article

VBV is locking your front door but leaving your windows open

:-)  Getting warmer...  

Using VBV is very much like locking your front door but leaving your windows open. I have said this in 2001 to a VISA security executive : "VBV or 3DSecure's weakness is that it requires ALL online merchants to participate in order for it to work".

The solution is quite simple. This really isn't brain surgery.

VISA Card Issuers should enable cardholders to deactivate their card accounts for card not present (MOTO, internet) transactions and activate the card account for each card not present transaction directly with the issuer and preferably using multi-factor authentication (OTP). This direct link between cardholder and card issuer applies a universal security effect. The participation of the entire universe of online merchants would not be needed.

Additionally, cardholders access and control of their card accounts will give more transparency to the process and will open up the communication between cardholders and card issuers (banks). Banks can then re-use the same multifactor authentication method for their online banking. This, in my opinion, is something that bank customers would appreciate nowadays.


Comments: (0)

Blog group founder

Retired Member

Member since

19 Mar 2009


Blog posts




This post is from a series of posts in the group:

Transaction Fraud Systems and Analysis

A community for discussion of Transaction Fraud systems and anlaytical techniques for bank card and financial services organisations.

See all