Dear A&L,
I have spent a significant amount of time and energy educating my mother to shop and bank online safely. The usual stuff – don’t trust e-mails from domains you are not familiar with, only go to websites via Google or your favourites and watch out for phishing e-mails asking for your banking details.
Yesterday she received this from you and at first I thought it was a phishing e-mail as it was from anl@anl.com, whoever they are, but all the links are legitimate and go to a genuine Visa website securesuite.co.uk:
From: anl@anl.com
To:xxx
Subject: Alliance & Leicester – Verified by Visa Password Change Confirmation
Date: Fri, 25 Dec 2009 14:33:16 +0000
Thank you for changing your Verified by Visa password. Please save your new
password in a safe place, you will need it for future purchases.
Please visit the Alliance & Leicester – Verified by Visa site to track your transactions
and manage your account settings.
This is an outbound message only. Please do not reply.
Should you have any questions, please refer to our Frequently Asked Questions
(FAQ), or contact us.
Kind Regards
Alliance & Leicester – Verified by Visa
All I can assume is that this is incompetence on your part which is causing a lot of distress and worry.
Get it sorted.
I second this, I had a similar mail from Alliance and Liecester and it really cofused me. I too thought that it was a phishing scam. I will be writing to the Financial Ombudsman.
I have just got one too, and ive not changed my password
Steve, I would check your bank account. I also received an email like this 2 days ago and it turns out some scammers had spent £600 from my account on online betting! I checked my securesuite account and changed the password back, then they changed it back AGAIN. Verified by Visa is useless – I have been shopping online for 12 years and this is the first online fraud I have experienced. A scammer, if they know your card details, can simply use the ‘Forgot my password’ link on securesuite.co.uk to change your VbV password – and VbV don’t even ask them to confirm the old password to ensure it is the account holder changing it! Where is the security in that? Every other website I have ever used asks you to confirm the old password before they will let you change it. Absolutely ridiculous.
Hi Natalie, I checked my bank not long after reading the email, someone had tried to use my debit card, but as I saw the email about my password being changed less than an hour after it happened it looks like they managed to stop the money leaving, its showing in my vbv transactions but not on my bank statement. I feel exactly the same as you, I had never been anywhere near my verified by visa account since registering, and therefore had no idea what my log on details were, plus the password had been changed and it was still ridiculously easy to get into my account. I am furious about this, and the customer service I have received from A&L has as always been appalling, no two members of staff ever give the same answer to a question….
Natalie, ps sorry to hear that they took money from you. I hope you get it back
I was online frauded yesterday. My password was changed and I only knew about it when I received the above email from the Alliance and Leicester.
I phoned my bank and £264.00 & £2.01 had been spent on my debit card that morning.
This is the 4th time this has happened and I have decided to switch my bank account to another bank.
Do people really think that the banks are the ones at fault here? Sure, a couple of times a year they’ll screw up but the vast (seriously, VAST) majority of online banking fraud cases are down to the user shoving their login details into faked sites. Then, of course, they blame the bank.
Oh hell. I’ve just received this email so I’ll check with the bank. Thanks all for your posts, thought it was phishing so I googled it.
I have triend Alliance & Leicester to no avail. They dont answer messages. Here is what I got from Visa.
**************************************
Thank you for contacting Visa Europe.
It may help you if I explain the role of Visa Europe. Visa Europe is an association of member banks. Banks join Visa to either issue cards to their customers (e.g. yourself) or sign up retailers to accept the cards. Our members are responsible for all account management and billing inquiries. Account information is confidential and is proprietary to the issuing bank and the cardholder.
The Verified by Visa service is offered to cardholders and merchants by Visa’s Member banks and financial organisations.
If you have any problems or issues with the service, please contact your card-issuing bank for further assistance. You can contact them directly, using the address or telephone number on your Visa statement or on the back of your card.
Please do not hesitate to contact us if you have any further queries.
Kind regards
Lena
Customer Support | Visa Europe | T +44 (0)20 7795 5777| F +44 (0) 20 7795 5577 | http://www.visaeurope.com
******************************************************
Subject: Lack of security in Verified by Visa system – Q0437346
Quite recently my debit card ID was stolen using the “Verified by Visa” system.
I am concerned how easy it is for a crooked online supplier to change my password and make quick purchases especially at a weekend.
Having persuaded me to give my card details for a supposed online order as well as my address for dispatch, the only item my alleged crook did not have was my date of birth, which I believe may be not too difficult to find on the Internet.
I strongly urge you to replace your highly insecure system of lost password changes.
Other organisations arrange replacements via an email to the applicant. The crook would not know my access password for that, hopefully.
I await your comments
I was alarmed about the from address for these email sent on changing password having a domain ( anl.com) not owned by Alliance & Leicester, and took me while to check out. I rang up to point out issue but they made not effort to understand issue and just reset my password again. I rang again and what told to forward email to suspicious email address. I never got a response and they continue to use incorrect from address on password resets on verified by visa.
The only thing that I think will solve this is change is to Santander systems and so no longer being used for other reason. I was bad enough some one was sloppy when set that from address but even worse that customer feedback does not respond in it being changed.
VBV is not something that is ran by A&L. It is simply an extra security measure taken out by visa for online purchases. Hardly the banks fault if somebody has gotten hold of your banking details and changed your password…
The only effective response I got from VbV was to refer me back to my bank( A&L now Santander) . It is obvious that rather than improve their security system, Visa are content with buck-passing. Visa later sent me an email asking me to review their customer support! Expletive deleted.
I am tickled by the comment from Tom seeking to attribute whose fault it may be. If that is the only way such problems are dealt with around the banking system, it is no wonder they are in such a mucking fuddle. It is just too damn easy to illegally change a VbV password.
I completely agree with you. VBV is a complete waste of time but it is through no fault of A&L/Santander or any other bank for that matter so when people are placing the blame on their bank it only stands to reason for people to point that out. As soon as anything involving peoples money/banking is involved it always falls back to the banks fault. Like somebody said earlier on the majority of fraud that occurs is because people are too stupid and idiotic to check websites before they too willingly put in their bank details. If everyone had a bit more common sense then there wouldn’t be need for pointless thing such a VBV.
Additional warning:- One of the essential items of information needed to reset your VbV password, is your date of birth. This just happens to be included on any NHS prescription. If you ever deal with an online pharmacy, they will possibly receive it. I was surprised recently to get a birthday greetings email from one such company. I might be paranoid, but what protection does this give me?