Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

"Verified by Visa"

  • 26-08-2012 2:31am
    #1
    Registered Users, Registered Users 2 Posts: 11


    I tried using my Visa Debit online, and got a "Verified by Visa" page. An iFrame page hosted on arcot.com, who with a bit of digging seem to be CA - although whois information is based on trust so that can't be confirmed. Even though it was a "secure" SSL site the fact it was cross-scripted detracts more than slightly from the security.

    So how does this thing work? Do Computer Associates have such personal information as my card number, card verification number, my current account number (at least the 4 digits of it) and my date of birth? Where does the question about where I lived when I was 10 come into it?

    I cancelled the verification (although the transaction was still processed) and am absolutely gobsmacked that you would use a 3rd party such as this, as it means what to the customer is a completely random company - one outside of the EU so it isn't bound by EU Data Protection rules, has access to information I wouldn't have chosen to give it.

    Ironically, this is a company I was formerly a customer of myself (before they sold their antivirus product off), so is there anything in place to stop them putting these together?

    Especially in a time when phishing attacks are all too frequent, it's incredible that the banks think this is OK.

    verify.bankofireland.ie or verify.visa.com would be acceptable, but to either hide the page hosted by a third company in an iFrame, or to redirect me to it, is completely crazy.

    Until I did some background digging, I actually thought I was buying from - and had actually just given my card number to- a scam site, who were then on a phishing expedition that would allow them to steal my identity as well as my card number.


Comments

  • Registered Users, Registered Users 2 Posts: 1,567 ✭✭✭dohouch


    Roisin G wrote: »
    I
    I cancelled the verification (although the transaction was still processed)

    That seems odd, I'm used to using verify for Mastercard on certain sites "Komplett.ie" don't think the transaction would go through without concluding the verification process.

    🧐IMHO, God wants us all to ENJOY many,many ice-creams , 🍦🍦🍦🍦🍦🍦🍦🍦🍦🍦🍦🍦



  • Closed Accounts Posts: 354 ✭✭Bank of Ireland: Pat


    Hi Roisin G,

    I can confirm that CA Technologies supply the systems side of the Mastercard 3D Secure and Verified by Visa software for Bank of Ireland. This system is known as Arcot.

    When you are using your Visa Debit card for the first time on a website that also subscribes to the Verified by Visa security process you will be asked to set it up for the first time. The iframe window that you referred to is a direct link to our systems, so any information you enter here is sent directly to us and is not recorded by the vendor or other 3rd parties.

    The questions you were asked in relation to your personal details are used by us for verification purposes during the Verified by Visa registration process. The question about where you lived when you were 10 would be used as an additional backup question in case you forget your Verfied by Visa password at some stage in the future.

    I can also confirm that all relevant Data Protection legislation is strictly adhered to and followed. Even though the Arcot software is supplied by CA Technologies, Bank of Ireland would be the data controller in these circumstances.

    I hope this helps answer you questions and if there is anything else we can do for you just ask.

    Thanks
    Pat


Advertisement