Then you go and spoil it all by saying something stupid like “Verified By Visa”

by: dermdaly

Every time I see “Verified by Visa” I shudder

I was attempting to purchase some equipment this morning. As I went to the online checkout, I was brought to the “Verified By Visa” page. Cue shuddering.

Here’s the problem: It is far more likely to prevent me from purchasing rather than protecting me from fraud. The loser here is the merchant – Because I’ll look for the product elsewhere with a supplier who won’t use the “Verified by Visa” programme..and I’ll still use the card, so the Bank are unlikely to care.

This morning, I decided I’d persevere. I’ll finish out this process dagnammit. It took a phone call to get through the process, and a couple of false starts. What should have been 2 minutes was about 20 (including the rant down the phone I suppose).

I was given the e-mail address of the fraud team at AIB. Here’s the mail I’ve just sent. I’ll be interested in how they choose to respond:

Subject: Feedback Re: “Verified By Visa” programme
Dear Fraud Team,
I’ve been referred to yourselves as the people to provide customer feedback regarding the “Verified By Visa” programme operated when carrying out purchasing online using my AIB Credit card. There are a number of points I would like to bring to your attention, and I’d appreciate it if you could provide me with some feedback. I am a holder of 2 AIB credit cards.

Please note, I understand the concepts behind Verified By Visa, and the claims it makes, however I feel it falls short for practical reasons.

In the last number of times I’ve encountered verified by visa, it has prevented me from finishing a sale, and been the reason I chose to shop elsewhere.

This morning, I attempted to purchase some equipment from my company, and was brought to the verified by visa page. I decided that I would persevere and get through this for once. Here’s what happened:
1. I knew the card I was using was not enrolled, so I chose to enroll it.
2. It asked for CVV, date of birth, and credit limit. – I thought I put in the correct details, but I didn’t; As it turns out I didn’t know my credit limit (it is a new card).
3. I called the number on screen and spoke to a customer service advisor who unlocked it and told me my correct limit. I put this in
4. Now I was asked to supply a password. I supplied a secure password I use for specific sites only (it contains letters, digits, etc.)
5. Now I was told I had used this before. This may well be the case, as I have a personal AIB Visa however as far as I understood it, I was creating a new identity for a new card, so this surprised me – in fact, I could suggest that this is a security breach in its own right – separate cards should have separate identities but this may be an attempt at convenience.
6. I put in a different password.
7. It told me this was not good enough, and I had to adhere to guidelines as set out by the system.
8. I added some digits to the password and finally my purchase completed.

I also understand the verified by visa is an attempt to prevent fraud. I don’t buy this; I also know that verified by visa reduces transaction rates to merchants, and puts the responsibility of fraud to the card holder – this isn’t fraud prevention, it is merely shifts any loss to the end-user.

The net effect to me is this: If I come across a site which requires the verified by visa programme, I will shop elsewhere – I understand you guys don’t loose out – I’ll still use the same card, however your Merchants will. If it becomes ubiquituous, I’ll seek out a credit card supplier that avoids 3d secure programmes and use them instead.

The verified by visa system is rubbish – rather than preventing fraud, it prevents commerce and 9 times out of 10 causes me to abandon a purchase.

So…here are my questions
1. In who’s world is this a convenient way to purchase? This is insane.
2. The site I was doing all of this was “” – I checked this was ok to the people on the phone, however here’s what’s happening there: I am giving details about my account to a third party and I do not know what they are doing with them. This flies in the face of all anti-phishing advice on your own sites.
3. There is no added security of not allowing re-use of password
4. There is no added security of making a password meet YOUR criteria.

On 2 above you know this, and I know this: Trust is not associative – If you I trust AIB and AIB trust, this does not mean I should inherently trust In fact the 3D secure system is meant to specifically ensure that PINs etc. are not captured by the merchant but rather given directly to the bank. If you use a service provider, then we’re not achieving this anyway.
On note 3 and 4 above; there’s well known research that suggests that by imposing rules such as those above results in less secure passwords as people are more likely to write down passwords and so leave them open to being copied.

I’d appreciate AIB’s official position on this ludicrous system.

Kind regards,
Dermot Daly

You May Also Like

We built a product in a lockdown

At the start of the lockdown, around March last year, I have to admit a case of the jitters. I was prospecting on five different projects. Some with existing clients, some with new clients. Our order book was good - but we always have to have an eye on up coming...

read more
The Rise of the Super App

The Rise of the Super App

Imagine being able to chat with your friend through instant messaging, then book dinner, a movie or a gig and pay for everything all from one single app. That’s the power of a super app.  Mobile users worldwide have dedicated apps for specific tasks. This is not...

read more


  1. Denis Hennessy

    Great post. VerifiedByVisa (or 3DSecure as it was originally called) is a badly flawed that some misguided merchants adopt:

    – It’s bad for the merchant because a huge number of people abandon the checkout at that point
    – It’s bad for consumers because you have much more liability if you use it
    – It’s bad for security because you’re entering a secret between you and your bank, into a third-party site

    The only way it’ll stop is if merchant refuse to adopt it. The best thing to do as consumers is to tell the merchant you’re taking your business elsewhere.

  2. dermdaly

    Wow. Stunned. I’ve had some back and forth with AIB’s fraud team. I’m not going to share these, as I feel this is inappropriate. However I did ask how I could officially remove my details from the Verified By Visa programme. This is the response from a Fraud Business Specialist.

    “The easiest way to do this is call our helpdesk and report your credit card Lost.
    We’ll deactivate your current Credit Card and send out a Credit Card with new number that won’t be registered for Verified by Visa.”

    Note: I’ve asked how I can be removed, not how can I get a card which is not in the system.

  3. Oisin Hurley

    Most “security” enhancements appear to be put in place to shift the liability from the issuers to the consumers. The faulty chip and pin effort is an effort in the same vein. Unfortunately for us, the Irish banks are among the least forward-looking in the world and will not address issues that affect consumers.

  4. Chris

    i hope this post reaches more people.

    VBV (verified by visa) is so convoluted that it makes transactions a frustrating and often time heavy experience, which defies why people buy online in the first place! it’s supposed to be easy and for people who dont have much time to go out window shopping!

    When VBV comes up i also shudder and, if my 1st attempt fails, i sometimes give up on the online purchase and call the online company and do it all over the phone (phone credit card transactions do not have the need to VBV). failing that i go to a local store, or just dont even bother and forego even buying the item. crazy.

    i do a lot of online transactions and, interestingly, i have recently noticed many online companies have brought back other options to VISA at the checkout (e.g. bank transfer, pay on delivery).

    the conspiracy theory [of course there has to be one. lol]
    so, have you noticed VBV does not always come up? whenever i do transactions with some companies it always comes up, but in others, it doesn’t. is visa is governing where we buy by allowing the customer to enjoy an easy transaction in some countries/companies yet in other counties/companies VBV adds this step to the transaction?

    i think VBV could work, they just need someone to assist them to redesign it based on a consumer, not a banker.

    i feel a little better now.. got that off the chest

  5. Wenxuan Li

    This is a great post which should be known by more people. The same thing is happening. I had the same frustrating experience caused by verified by visa yesterday morning when I wanted to buy some flowers. I also don’t know what is credit limit since i’m using a debit card. More unluckly, I can’t get my call through to AIB card service which was repeating asking me to hold on. Now I am planing to go to an AIB branch to address this issue. Banks in Hongkong and China have a much easier online shopping process. Well, I’m not praising chinese banks but I think AIB should consider this problem right now.

  6. Mary Davidson

    I hate ‘Verified by Visa’. I have decided to seek alternate payment methods from merchants, such as over the phone. Or, if this is not an option, take my business elsewhere.

    Failing this I am considering a different card altogether… and thus a different bank if necessary.

    Fairly heavy? Yes. I refuse to be manipulated, backed into a corner or put over a barrel by being forced to relinquish my right to choose.

    Good post Dermot.

  7. Disgruntled User

    Whenever I see verified by visa or Mastercard SecureCode I just quit the transaction and buy elsewhere and recommend all my friends to do same.

    The merchants that make me use VbV or MC SC can go suck a fat one. If they want me to buy something from them don’t make the purchase a pain in the a$$ for me.

  8. Ryan Fisher


  9. gsv

    Yep EXACTLY the same here… VbV is absolute rubbish. Thanks for the post. I came here on a google search for “How do I get rid of Verified by Visa” Looks like I have to get a new card 🙁

  10. Nick

    I try & buy with my French Visa debit card, and Visa promise to send a code to my mobile to complete the transaction. The problem is that my number has changed, so I cannot retrieve my code. I have no idea how to do this bar visiting the bank.
    Merchant loses out, & I buy on High Street. …… Not sure it’s all bad. !

  11. TJ

    I to shudder when VBV comes up too, and now after so many problems ( having to change password every time I use it) I have tried to have this removed from my card but am told I cannot. This is my debit card not a credit card. I just want it removed but guess I will have to change banks. What a hassle!!

  12. John

    4.5 years later nothing has changed. Just had a twitter conversation with @AIB re refusal to allow previously-used passwords. I told them I had run out of memorable words. They don’t understand. In this password-controlled internet world, every site specifies their preferred format with or without Caps, Numbers and symbols. Plus they have demands about Usernames with which the password is combined. I am now up to 13 different active passwords. Of course I use some for several sites. The problem is to remember which is which. The permutations are a minimum of 13 Passwords to Associate with 13 Usernames on 13 sites. + 13 x 13 x 13 = 2197. No wonder I have to keep a list of access requirements to infrequently visited sites. close to my card just in case. The prob being I can remember all by Card details because I use them almost daily, but do not need the verified stuff often enough to keep it in my head. The only people frustrated by the VV system are the card holder and the merchant..

  13. jonoave

    Good post, and in 2015 Verified by Visa or 3D secure by Mastercard is still a stupid concept.

    Problem is they are suppose to send a password to your phone. But what if you’re overseas and currently using a local SIM there (which is what I’m doing, as I’m currently overseas now)? Am i supposed to swap out SIM cards each time to do an online purchase or buy an extra phone?
    And often time I fail to receive the SMS or so late that the transaction times out.

  14. Richard Sausa

    My transaction keeps failing cause of this verified by visa garbage. The online shopping is suppose to be nice and easy but maybe I need to switch banks and cards so it can be that way again. It really killed my online shopping convenience. I tried so many times to clear this one transaction by my bank but the verified by visa is forced and fails everytime so I gave up. Ridiculous really. VbV has to go or I do

  15. Patrick Hothersall

    Have you ever been stranded in a third world country because Verified By Visa is incapable of letting you buy an airline ticket? I have. Many times.

    I;m leaving my bank over this.

  16. Maputo88

    I am a merchant who has been forced by fraudsters to put VbV on my website. I hear your complaints from the few people who have visited this post in the last 6 years. None of the posters are merchants.
    All of my competitors in the UK use VbV and are prod that with a L10 mm revenue they have 3 frauds.
    I am in Canada, I have about 6 fraud attempts per month and they are always for the most expensive items I sell. If I did not have VbV, my website would lose money.
    I am very sorry the crooks have spoiled it for you guys that posted. I am very sorry we have terrorists who make me go through Homeland Security airport security.
    It’s the cost of being in the modern world.
    The good news is you can buy things online – 10 years ago you couldn’t.


Submit a Comment

Your email address will not be published.