Verified by Visa (AIB) - mandatory mobile phone

happypat

Registered User
Messages
21
I use my Visa Debit to purchase a lot of things online. Normally, for merchants that use "Verified by Visa", I have to enter a couple of digits of a personal password to continue with purchases. That's been the case for years.

But now, AIB, from this October, are removing the password facility and instead you get a text to your mobile with a passcode. You therefore have to have your valid mobile number stored with AIB and if you don't have your phone on you, you can't purchase online with your debit card.

(If you have no mobile phone they say to ring customer services, presumably on a case by case basis for a passcode?)

Views? I'm not happy. I don't want to have to interact with my mobile when purchasing stuff online, the password was more efficient.
 
Have to say that I hope they roll it out with all banks. This to me is an enhanced security measure. I think this makes much more sense the the system in operation now.

Personally, as someone who does a lot of shopping on-line, I much prefer the idea of having a code sent to my phone for each purchase. It makes more sense.

For me personally I hate the current system, it's just a matter of opinion, but to me a phone code per purchase is a great idea.
 
If a lady had her bag containing her phone and card stolen, doesn't this make it easier to order stuff fraudulently?
Or am I missing something?
 
Great point, I have my phone on an automatic lock after a couple of minutes, so in order to get to the code, they would have to get into the phone, now that's in my case.
 
Great point, I have my phone on an automatic lock after a couple of minutes, so in order to get to the code, they would have to get into the phone, now that's in my case.
The type of criminal who habitually steals phones can easily bypass all those automatic lock programs on any common phone.

The OP needs a new card provider.
 
This is contemptible stuff from AIB. As noted earlier, if bag and card stolen together, what do AIB advise?
Anyone who says banks are serious about security is either a fool or a tool.
 
With the present system it is too easy to reset the password and as most people have already provided their phone number to their bank I don't see it as a problem. I prefer for them to be able to ring me if there is an attempted use of one of my cards and they have done this in the past.
 
Last edited:
The type of criminal who habitually steals phones can easily bypass all those automatic lock programs on any common phone.

The typical criminal simply do a physical factory reset, actually breaking a code is beyond most of them.

The OP needs a new card provider.

This is the latest standard, so you can expect to see it introduced by all providers going forward.

It's actually a three way process to validate the transaction, so even cloning a chip is difficult. Phones bought before about 2014 may need a new chip.
 
With the present system it is too easy to reset the password

How is it "too easy" to reset the password? How would the "robber" of my phone easily reset my password?

actually breaking a code is beyond most of them.

But not beyond all of them. However, getting my password would be beyond all of them.

Either way, even if I am the only one with the view, I just know that there will come a time when I need to purchase something online and I won't have my phone handy. That will be a nuisance. There should be a password option, even if they supplement it with an extra pin or something - just not enforce a requirement to have your physical phone with you.

Already with doing international transfers I need a card reader. So if I don't carry that around I can't do transfers until I get home. It's getting more difficult to be efficient!
 
OK, if an IT savvy thief robs my handbag with my credit card and my mobile in it, they may be able to access my phone before I have reported the loss to the credit card company.

If someone steals my card I might not notice it. I would notice the loss of my handbag immediately. I would notice the loss of my mobile immediately.

If someone clones my card, I wouldn't know until I get a phone call on my mobile giving me a code.

It sounds like a brilliant idea to me. But then maybe I am "a fool or a tool". :)

Brendan
 
The type of criminal who habitually steals phones can easily bypass all those automatic lock programs on any common phone.
Stolen phones have the sim card removed immediately, and get erased promptly (before the owner can get the network or apple/google to remotely locate/disable them).

Views? I'm not happy. I don't want to have to interact with my mobile when purchasing stuff online, the password was more efficient.
I'm happy. Humans are not well suited to passwords - we can't be bothered remembering a long unique password for every different application, which is the only way to make them secure. Verified by visa was horrendously insecure. All you needed to reset the password was information written on the card, plus the owner's date of birth.

The best alternative we've come up with is to use a physical token (card reader, number wheel, mobile phone) to generate one-time passes as needed. The text message has the added bonus of alerting you if/when a malicious third party is trying to use your card.
 
In my case, I am the credit card holder, and my wife is added as a second card holder. What happens in this case? She goes shopping, and encounters verified by visa, and I then get a text with the passcode and have to phone her?

I'm sure I posted this reply yesterday, but it's vanished.
 
In my case, I am the credit card holder, and my wife is added as a second card holder. What happens in this case? She goes shopping, and encounters verified by visa, and I then get a text with the passcode and have to phone her?

I'm sure I posted this reply yesterday, but it's vanished.
It's only for online purchases.

I would forward the passcode text to my wife if and when she uses it when I'm not there.
 
In my case, I am the credit card holder, and my wife is added as a second card holder. What happens in this case? She goes shopping, and encounters verified by visa, and I then get a text with the passcode and have to phone her?

I'm sure I posted this reply yesterday, but it's vanished.

Maybe your wife is using your Askaboutmoney log in and deleted the post?
 
In my case, I am the credit card holder, and my wife is added as a second card holder. What happens in this case? She goes shopping, and encounters verified by visa, and I then get a text with the passcode and have to phone her?

I'm sure I posted this reply yesterday, but it's vanished.

From what I remember it is the card being verified not the account holder. Therefore the second card will also be mapped to a phone, your wife's in this case.
 
Having just seen a tv3 documentary on how easy it is to spoof a text messages point of origin... i am even more wary of it being part of verified by visa.
 
Having just seen a tv3 documentary on how easy it is to spoof a text messages point of origin... i am even more wary of it being part of verified by visa.

How exactly would being able to spoof a text message help you break the validation? The original request that sends the text does not originate from a mobile device???
 
Back
Top