It looks like Verified by Visa is coming alive again. With the new incarnation if you’ve registered your Visa card it’s automatically recognized when you use it (online or in person) as protected by Verified by Visa. They then send an SMS code to your phone, you it provide to the merchant, and the transaction is approved.
You access your account (where you set your phone number and other personal information) by supplying your email address and an SMS code, but NO password is required. It appears that a one-time SMS hack could take over the account and it’s not clear that you could recover control. Given the vulnerability of SMS to various attacks I’m not sure I want verification of credit card transactions to not rely on a regular password. This is the first time I’ve seen a site accept an SMS code as a replacement for a regular password and particularly for monetary transactions it doesn’t seem safe to me.