To all the online merchants requiring you to enable "Verified by Visa" or "3D Secure", sneakily enforcing a liability shift:

Fuck you, I'll buy elsewhere.

@fribbledom what's the shift with verified by visa. I've kind of always just trusted it as a good thing...


In case of a fraud, it's now up to you to prove you're innocent before you get your money back. Before the liability shift your bank used to have to prove that you're guilty for any fraudulent transactions.

@fribbledom Explains a lot. Card no longer works for on-line transactions verified by Mastercard. Bank said there's no block on it. After many inquiries apparently I can get the block lifted by Mastercard but I figure better to make it more difficult to spend. It works at ATMs in shops and netbanking. No need to involve the Amurkans eh. I didn't think they actually cared about protecting me in anyway @nigeldgreen

That explains why they also seem to believe it's totally secure to prohibit passwords longer than 10 characters...


I refuse to use any site that has a maximum password length. Even a cap at, like, 18 characters will be horribly insecure in a few years time, and I've had accounts on some sites for over ten years now.


@fribbledom I've worked on a 3DS integration, depending on the country it's a government mandate. India is the primary one that requires 100% of card transactions to go through it. EU countries were all supposed to be on it Sept 2019 from the PSD2 mandate, but it's delayed because coordination 🙃

Just calling it out because depending on where you're at, you might start to see a lot more of it.

@fribbledom Blame the EU. Most of it is a part of the SCA requirements in PSD2

@fribbledom 3D Secure is the norm in Poland for quite a long time. I know they place liability for fraud on the merchants if they wouldn't implement it, but I haven't heard about banks denying chargeback because of it. I guess it may vary from country to country.

It's been around for about 20 years in the US but i can only think of one vendor i use that requires it. There used to be only one company that provided a vbv authentication service and they were in australia. Not sure about now, i haven't implemented it on any ecommerce sites since i tried it when it was a new thing.
@fribbledom Not sure what the former is about, but 3D secure (or SCA in general) has been mandated by EU for quite a while. There may not be an elsewhere to buy from.

@fribbledom No one likes to assume any liability. Hell, grown men can't even bring themselves to say sorry or admit they were wrong, let alone have a seller or banking "institution" assume any risk or liability associated with fraud. This is called passing the buck.

This, imho, is a form of collective punishment by banks and retailers for all the card skimmers and card thieves, data thieves and unscrupulous assholes who victimize hard working people day in, day out.

@fribbledom Punishing many for the sins of a few hardly is a new thing, but this game of legal hot potato frequently leaves the consumer with burnt hands.

It's definitely cheaper for them to do this than actually put a secure payment system together....

Enabling these extra services is a months long quest with some German banks. Dedicated crappy apps and multiple postal confirmations required for even some online-only banks.

In my case, it was my bank requiring verified by visa. But unfortunately that now also requires a German mobile phone number, which, being an expatriate, I haven't got, so I was never able to use it. Which also means I'm only rarely able to use my credit card online.

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!