I was making an online purchase today. Buying some memory for my laptop. After entering my address and CC details I am taken to a new screen that drops most of the sites UI and asks for all my CC data again. This is kind of strange, first time this has happened when trying to make a purchase online. The new page has a Verified by Visa logo on it and a CIBC logo, looks kind of official, has nice help explaining what it is. But the middle of the page is hosted on https://www.securesuit.net/ If you go to the that site you get a blank page with nothing on it, you can't connect at all on http. Since the pages it is serving are https I check the cert, issued to CYOTA INC. Who are they and what do they have to do with Visa or CIBC.
I entered the information requested anyway as most people wouldn't even have noticed that they where now sending information to CYOTA. Once you have the information entered you are then asked to create a password, that adds one more to the 47 usernames and passwords I already have.
What does this additional hassle get me? On the few sites that actually support Verified by Visa, if someone where to steal my card, they would also need to know my password to make a purchase. Which is 16 companies, in Canada that Visa discloses on their site, the one I was actually buying from is not listed, though there American parent is listed on the USA site. So it really gets me nothing, as I am not liable for fraudulent purchases anyway, there is maybe some benefit to the vendor.
Reading the Verified by Visa FAQs they don't mention either securesuit.net or CYOTA which is the bits of the program that a consumer is going to see, the answers are all around that it is free and good for you.
On the merchant side the most of the benefits lists are not benefits.
"Increases cardholder confidence" how does interrupting the purchase forcing the user to enter their information twice, on a third party side held in a frame increase confidence?
"Can be readily integrated into existing e-commerce systems" sure that is nice, but is it really a benefit?
"User friendly" they have some nice popup help for most of the fields but the whole double entry extra password on some mysterious third party site kind of negates the entire user friendliness of it.
I wouldn't have such an issue with the program if when I looked at the frame it was coming from verifiedby.visa.com and the cert was issued to Visa and not an unknown third (fourth?) party. The way it is it looks like a phishing attack in the middle of my purchase. That and the vendor didn't allow me to skip the Verified by Visa stuff, something the FAQ implies vendors should do.
That being said if I was a vendor I would take a look at the cost of enrolling in the program vs. existing fraud and charge backs.
If I ever buy anything from a participating vendor again I will report what the experience is like once you are enrolled.