Category Archives: visa
Bullied by Visa
I’ve banked with Nationwide for over 20 years. During that time, I’ve been generally well-pleased with the service they offer. From time to time the ‘industry’ has ganged up to impose new charges on customers: for example, annual charges to hold a creditcard, charges to withdraw money from each other’s cashpoint machines, or charges to use your card outside the UK. Nationwide has always remained resolutely free of such things. Furthermore, they don’t seem to cock up, and they’re the biggest UK bank to have escaped the crisis of the last couple of years without having to recapitalise (or much worse). All in all, a huge relief compared to other banks I’ve used.
So when they messed up yesterday, my first inclination was to blame the merchant I was trying to use (Nokia). This is part of shopping before VAT rises, and I was ordering some new kit to the value of over £500. I wanted to query a couple of points, so I placed the order by ‘phone. There followed an email confirming my order. Five minutes later another email from billing@nokia:
Your order (No. 900937209) has been cancelled because we were unable to process your payment on the credit card that you provided. We apologize for any inconvenience this may cause. Please visit our online store at http://shop.nokia.co.uk/nokia-uk to replace this order. Prior to re-attempting the order, we recommend that you contact your credit card company.
Sounds like a maxed out creditcard or something? Nope, it’s about £5000 short of my limit, and is paid in full by direct debit every month. Thinking the man who took my order might’ve cocked up, I went online and retried.
OK, there’s a local Nationwide agency. Not a full branch, but a little room in an estate agent. They know me there. I marched down there intending to give them a hard time until they’d sorted it.
They were closed. Harumph!
Leaving a message is most likely going to miss the boat for 15% VAT. Nothing for it, have to use the published ‘phone numbers and hope someone replies. They did, and they were able to sort it out. They also told me the Nokia purchase had put a security block on my card, which is what they had to remove! After that I was able to place the order last night.
But hang on! This is a purchase of physical goods. That means there’s a shipping address. The fact it’s the same as the billing address (which hasn’t changed recently) should be a pretty good indicator that it’s really me, not a fraudster. What happens next time I need to settle a £500 hotel bill somewhere abroad, and perhaps in a remote timezone when there’s noone there to answer the phone. Am I at risk of the same thing happening? What’s the use of a creditcard if I can’t rely on being able to use it?
My strong suspicion is that this is because Nokia isn’t using phished by visa. To me that’s a plus: I’m placing an order with them, and all is transparent and open (the quirks of Nokia’s system are another story, but no showstopper). I’m guessing this kind of block might be becoming routine for online retailers who decline to be bullied into it. Grrr 😦
Postscript: as I write, I just had a phone call from the man I originally placed the phone order with, to tell me the order had failed. Of course I already knew, but it’s good that he took the trouble.
Phished by Visa
The title is in honour of Ben Laurie’s excellent piece here. Ben is by any standard a leading expert in online security, and his short article is strongly recommended reading for anyone who shops online.
I’ve just placed an order with ebuyer, timed to get a few bits & pieces before VAT goes back up. Ebuyer seems like a good bet these days: they’ve done nothing to force me to blacklist them (e.g. Dabs), nor is their website full of flash crap to make it painful to use (e.g. Scan). And I’ve been happy with them in the past, as a low-cost retailer that delivers efficiently.
The shopping and ordering process went smoothly, marred only by one item of six on the shopping list being out of stock (I’ll try Argos next – they probably have an equivalent). I entered all the usual details including my Visa creditcard, and it appears to have accepted my order.
It then took me to a “Verified by Visa” screen. This was in a frame, and the frame contents were generated by a script, so I could not easily verify where my sensitive data were being sent. This is precisely the phisher scenario, and a magnet for identity theft, as Ben describes! I reluctantly submitted the first VBV screen, as it hadn’t required sufficient sensitive information to complete a phish.
The second screen then asked me to create a new VBV password. Since I am already (reluctantly) signed up for VBV, I pulled out at this point and sent a note to ebuyer under the heading of reporting a website security issue. Having said that, the issue appears to be with VBV rather than with ebuyer, and the fact that my purchase was accepted seems to indicate that VBV was, despite appearances, not actually required.