This is different than a simple authorization. "Verified by Visa" sends the user to the visa website where they are asked a secret question (or password, I forget which) to validate their identity.
It's pretty much impossible for a stolen credit card number to be used with this system.
Terry
"Verified by VISA" is a program designed to make purchasers "feel" better about the online transaction. VISA even says that outright on their website. VISA also says that merchants are "protected against fraud, with limited exceptions" right on the promotional information on their website. The biggest "limited exception" is card not present, which is the case with 100% of all online transactions.
To make matters worse, if you activate "verified by VISA" on your website, it confuses legitimate customers who do not participate in the program. This simply causes them to leave my website and make the purchase from one of the zillion other online sites selling scuba gear.
EVERY merchant who has a visa/mastercard account (which is all merchants that take credit cards) is required BY CONTRACT to have a PCI Compliant website. Rolling without a PCI compliant website opens a merchant up to an unlimited civil liability should card numbers be "stolen" by anyone. There are a ton of requirements for this program, but the important one is card number storage. In short, this means that merchants cannot store credit card numbers beyond what is necessary to capture the funds on the initial sale. This means that Divesports.com NEVER knows your credit card number. It is completely hidden from us by the card industry automated clearing house. This actually makes it EVEN HARDER to chase down fraud or to even use card card company voice verification methods.
Phil Ellis
www.divesports.com