Verified by Visa
// February 25th, 2010 // Web
Plenty of people have commented on the stupidity of Verified by Visa and similar schemes, which put iframed verification forms into the web purchasing system that look remarkably like phishing forms (encouraging users to trust such embedded forms), without providing any additional security benefits. A quick glance at the economics explains why sites do this – it enables them to lower their costs by shunting fraud risk onto Visa – but from a user’s perspective it’s still bloody stupid.
Even worse is when you cannot complete a payment without it, but it doesn’t work – an experience I have just had with BA, trying to book a flight over to Queen’s Day in Amsterdam. After entering all my details, I got this:
The bank would like the following information… an empty iframe. It’s actually loading a JSP on BA’s site which delivers an empty HTML page wrapping a script that tries to trigger a form that isn’t defined in the markup. Knowing that is no great consolation…
So congratulations BA, Easyjet were undoubtedly very happy to receive some cash in exchange for a functional web experience.