Even when i spelled it out for her that “I am currently on a website that I have strong reason to believe is a phishing scam to steal your clients’ information,” she still didn’t seem to care. I shit you not, exact words. her only response was, “if the verified by visa logo appears then you know your transaction’s secure.” To which I responded, “Even if it’s hosted on a different domain?” She answered, “Yes.”

Wow.

Disillusioned with the mighty visa security force, I then started looking around about securesuite and found this page. I laughed as the article reiterated everything I just told the inept agent at visa security. After reading through some comments (which I wholeheartedly agree with), I came across one that mentioned that simply canceling out of the verified by visa app would bring you back to the purchase screen and the order would be completed.

Well, it did and was. In fact, it had already completed well before I had even got a hold of visa security. Some security system that was. Still, that deepens the evidence of this being a phishing scam.

I still have one question, “Why don’t visa security care when I call to report a scam stealing their customers’ information?”

The help page popup was rubbish. So called bank - spent ages “talking” to someone in India. Eventually got through to someone I could understand in the UK who took me through the registration. He could not understand why registering on a site “www.securesuite.co.uk” which is a domain I’ve never heard of and bore no relation to Santander or Visa would be any type of issue.

Anyway - eventually registered and when I went back to the merchent to try my purchase again - the secure suite site had set my login name in a cookie!

I can’t believe the banks are signing up to this.

As I don’t want to give more details or have two codes and another password to remember I didn’t continue.

I’ve read through this thread and thought exactly the same as the other posters, that this isn’t adding security when more personal details have to be given on an insecure webpage in order to register.

http://www.lightbluetouchpaper.org/2010/01/29/why-is-3-d-secure-a-single-sign-on-system/

The original paper is fascinating.

I was purchasing Skype time and the on-line transaction bumped me to that “Verified by Visa” enhancement. I was suspicious of the domain not matching anything familiar so I tried to investigate - not being able to find any useful information I finally called a local branch of CIBC. I was bumped through several extensions, none knowing anything of substance about that “service”; finally the last one told me that it was legit. However even though still a bit suspicious I finalized that purchase.

The next statement showed couple of purchases of some version of Karpinsky software that I didn’t make once a few hours after my own-Skype transaction and then again a couple of days later.

To this day, in spite of making further inquiries by email to CIBC and to Skype I have received no formal explanation of whether that “Verified by Visa” securesuite domain is a legitimate operation or not.

Today I wanted to buy more time on Skype and guess what - the same site popped up asking for that same personal info and no one wants to give me an answer or to bring that operation down. - As far as I am concerned, they are either fraudulent operation as a whole or have a bunch of shady employees on their staff.

… any comments or ideas?

Since reading this page, (and since the earliest posts were made 3-4 years ago and any phishing site would long-since have been taken down - I hope!) then Im going to trust it and put my details in, but I am also going to contact my card provider (MBNA) and tell them that I think its bad of them to use something that looks so suspiciously like phishing.!

Not impressed..!

So it appears that someone had accessed:
- My card number , start and end dates, security code.
- My Clicksafe login and password

As a result, my card has been cancelled and I await a replacement. I have altered all my clicksafe login details. When the new card arrives I will have to remember to amend my details on the sites where the old card is registered. During my call to Lloyds/TSB I was offered their ID aware service, which monitors account movements and also any credit applications - it sounded scary that someone in possession of my details could apply for credit in my name, default and leave me to pick up the pieces, so I agreed to join the scheme for £6.99 monthly. I had previously seen this scheme but considered it the bank’s job to ensure the security of the account.

I am left with a nasty suspicion that this whole situation may have been an attempt to make money for Lloyds/TSB - I am careful not to incur bank charges, so they might be keen to profit from me by other means. Does anyone remember the British Gas scam where they told customers on a maintenance contract that their boilers were becoming unserviceable because of a shortage of spares, and that if they did not get a new boiler (at a ‘bargain’ price from BG) they might find themselves without heating? I fell for that one, too.

In any case, if my bank details were compromised, it was not through my doing, and almost certainly via Clicksafe since those details were also obtained, so that doesn’t do much for Clicksafe’s reputation. I will not register my new card with them when it arrives.

My advice to anyone being pressured into joining Clicksafe’s scheme is to resist, not make the purchase via the internet with the retailer concerned and make sure the retailer understands why he is losing custom.