{"id":132,"date":"2009-01-18T04:29:01","date_gmt":"2009-01-18T12:29:01","guid":{"rendered":"\/?p=132"},"modified":"2010-01-18T02:14:17","modified_gmt":"2010-01-18T10:14:17","slug":"vilifying-visa","status":"publish","type":"post","link":"https:\/\/www.slimjimmy.com\/weblog\/archives\/2009\/01\/18\/vilifying-visa\/","title":{"rendered":"Vilifying Visa"},"content":{"rendered":"<p>After submitting a credit card purchase at Newegg, I was greeted with a &#8220;Verified by Visa&#8221; webpage:<br \/>\n<a href=\"http:\/\/www.slimjimmy.com\/weblog\/images\/verifiedbyvisa.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/www.slimjimmy.com\/weblog\/images\/verifiedbyvisa.th.png\" width=\"338\" height=\"238\" alt=\"Verified by Visa screenshot\" \/><\/a><\/p>\n<p>This page is idiotic.<\/p>\n<ul>\n<li>I was directed to this page without any warning.<\/li>\n<li>The page uses the domain verifiedbyvisa.com, not visa.com.  A tip to financial institutions trying to thwart phishing scams: <strong>pick one domain name and stick with it<\/strong>.  People are going to be directed to this page automatically, so the address does not need to be memorable or even human-readable.  Using other domain names is confusing and looks suspicious, and if users become accustomed to it, it opens the door for phishers to use their own, look-alike domains (such as, say, verifiedbyvisacard.com, which is available as I write this).<\/li>\n<li>For goodness&#8217; sake, <strong>register your security certificate properly and completely<\/strong>. &#8220;Run by (unknown)&#8221; is not reassuring, nor is being verified by &#8220;Thawte Consulting&#8221;. (I&#8217;m sure Thawte Consulting is a big name in the security certificate space, but are they as recognizable as VeriSign?  Besides, VeriSign acquired them <em>10 years ago<\/em>.  Again, pick one name and stick with it.)<\/li>\n<li>The page provides me with none of my basic, personal information so that I can have some assurance of whom I&#8217;m dealing with. <strong>Verification is a two-way street.<\/strong> Continuing to ignore this makes phishing easier.<\/li>\n<li>The page outright lies to me. The button says, &#8220;Sign up to complete purchase&#8221;, but Newegg already emailed me my purchase confirmation.  I shouldn&#8217;t have to say this, but <strong>lying does not build up trust<\/strong>. Duh.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>After submitting a credit card purchase at Newegg, I was greeted with a &#8220;Verified by Visa&#8221; webpage: This page is idiotic. I was directed to this page without any warning. The page uses the domain verifiedbyvisa.com, not visa.com. A tip to financial institutions trying to thwart phishing scams: pick one domain name and stick with [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,6],"tags":[32],"class_list":["post-132","post","type-post","status-publish","format-standard","hentry","category-rantsraves","category-usability","tag-ecommerce"],"_links":{"self":[{"href":"https:\/\/www.slimjimmy.com\/weblog\/wp-json\/wp\/v2\/posts\/132","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.slimjimmy.com\/weblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.slimjimmy.com\/weblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.slimjimmy.com\/weblog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.slimjimmy.com\/weblog\/wp-json\/wp\/v2\/comments?post=132"}],"version-history":[{"count":0,"href":"https:\/\/www.slimjimmy.com\/weblog\/wp-json\/wp\/v2\/posts\/132\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.slimjimmy.com\/weblog\/wp-json\/wp\/v2\/media?parent=132"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.slimjimmy.com\/weblog\/wp-json\/wp\/v2\/categories?post=132"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.slimjimmy.com\/weblog\/wp-json\/wp\/v2\/tags?post=132"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}