January 14, 2021

Verified by Visa Back Again with SMS Code the ONLY Password

It looks like Verified by Visa is coming alive again. With the new incarnation if you’ve registered your Visa card it’s automatically recognized when you use it (online or in person) as protected by Verified by Visa. They then send an SMS code to your phone, you it provide to the merchant, and the transaction is approved.

You access your account (where you set your phone number and other personal information) by supplying your email address and an SMS code, but NO password is required. It appears that a one-time SMS hack could take over the account and it’s not clear that you could recover control. Given the vulnerability of SMS to various attacks I’m not sure I want verification of credit card transactions to not rely on a regular password. This is the first time I’ve seen a site accept an SMS code as a replacement for a regular password and particularly for monetary transactions it doesn’t seem safe to me.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.