Verified by Visa and MasterCard SecureCode

In an attempt to make you more safe for your Internet shopping, MC and Visa have come out with an additional security measure called either Verified by Visa or MasterCard SecureCode.

This new security technology for the major cards is implemented (so it appears) through a company called securesuite.net. Doing a WhoIs lookup on this, we discover it is a company in Tel Aviv. Turns out it is a small security firm bought by RSA. Both banks are using it.

Here's a link that discusses it, but scan down to the comments at the end and there are some pretty informative bits of information. Nowhere on my bank sites did I find any mention of securesuite.net directly, but their registrations take me there.

Link

This is positively retarded on behalf of the banks. Merchants can force you to register and the process looks *a lot* like phishing, which they've trained us (justly) to worry about. You'd think they'd provide more transparent information about who they are using and why you'll be redirected to a previously unheard of domain in Israel, but they don't.

But it does appear to be legitemate. Only, if you phone your bank, pretty much expect that the Customer Service rep may well never have heard of it and may tell you it is a phishing site trying to steal your information. Apparently even internal dissemination of information has been problematic.

Anyway, it looks legit and Tiger Direct actually requires it now.

I give the banks a plus for putting in an additional identification factor, but a big minus for doing a crappy job of explaining it and making the implementation look like a phishing scam.

Aside:

Why controlled purchase numbers (basically a one-time pad for credit cards so that you can give someone an auth number that is verifiable for a transaction but is NOT your credit card number and becomes invalid after that) haven't yet made a fuller appearance at Visa or MC (or the banks) is a bit of a mystery. These would make internet transactions a lot safer.