CC shared secret

Wendy M. Grossman ukcrypto at chiark.greenend.org.uk
Wed, 06 Aug 2008 11:59:24 +0100


Roland Perry wrote:
> In article <489978EC.1090302@iosis.co.uk>, Peter Tomlinson 
> <pwt@iosis.co.uk> writes
>> Did they offer you the chance to log in somewhere and change the pwd?
> 
> They point to a webpage that describes the scheme, which does give 
> "account management" options to change the VbV password (aka shared 
> secret), but it seems likely from their description that the two are 
> inextricably linked and changing one changes both. That's one reason 
> that perhaps the VbV system is "franchised" with the query being done in 
> realtime back to the bank every time I make a purchase.

Hmm. It's so long since I was directed to sign up for VfV that I can no 
longer remember how it was done, but I *know* I chose my own password 
for it.

> 
> Or is the *whole* Visa scheme just a franchise, with merchants having to 
> have a credit-authorising dialogue with the relevant bank rather than a 
> central Visa-branded clearing house?

Which would imply yes, that banks do it differently from each other. 
Mine is on a Barclaycard, if that helps.

> 
> With CC data theft headline news again today, I just feel I'd like to 
> know *where* my data is being held.
> 
> If the mechanism's suitably secure, then having the same password might 
> even be an advantage, as it's one fewer thing to have to remember.

What frosts me is that adding VfV to the list of hoops you have to jump 
through to put through a purchase doesn't make the bank any less likely 
to decide the transaction is dubious and stop your card.

wg