Thursday, February 25, 2010

Verified by Visa and SecureSuite: Legit or Phish?

Introduction

This blogger's post (link unavailable) in 2008 pretty much summed up what happened to me today:

I’m not the kind of guy who falls for those super-obvious identity theft scams. I live online, I work in IT and I don’t really like sports. I’m pretty careful when it comes to plugging my credit card into the internet.

But last month, when I was stuck for rail tickets in Europe, I thought I’d slipped up. Turns out, it was just a “security feature.”

I don't live online or work in IT (though I do love sports), but everything else pretty much describes me when it comes to identity theft scams and credit card purchases on the internet. There were times when I thought twice about making online purchases due to my concern about identity theft and transmitting credit card information over the internet. But now, I seem to have let up a bit, which led me to today's scare.

I encountered the same scenario that the author did. I was purchasing something online, and after I checked out and submitted the order, a pop-up window appeared, asking me to sign up for "Verified by Visa." It looked something like below:



I didn't really think much about it and proceeded to enter in the required information. It wasn't until after I had submitted the form, and saw the URL that I began to second guess if what I did was a good thing.

Symptoms

First, the URL domain was "securesuite.net" - My head started to ring PHISHING ALERT out of instinct. I didn't think Visa would've used a third party site for a security service?

Second, this was the website I was redirected to (this was the account management page). In my opinion, I was expecting something more professionally done (sorry!) or at least more consistent with Visa.com's website - it is a Visa feature, right?



To top it off, I received an email from the domain @securesuite.net... This was very fishy.

Out of panic, I called my credit card company to confirm if there was anything suspicious about my credit card. I mean, I wasn't concerned about the charge for the purchase because it was what I expected and wanted. I was more concerned about the site I had just submitted my info to. So the end result from calling was that I was offered some identity theft protection feature for a monthly fee, which I quickly accepted. Not sure why, but I did it.

Findings

After some googling around (so much for a lunch break), I found the blog post that I mentioned in the beginning, mentioning that it's legit. I was a little more at ease.

I did some more digging, and discovered that Verified by Visa was a solution by Cyota, which was purchased by RSA Security in 2005. SecureSuite is actually the name of the Cyota solution, an online payment security platform.

If you do a WHOIS domain lookup, the domain "securesuite.net" is owned by Cyota RSA Security, Inc. (checked on Nov 2011)

I also had a few friends who confirmed that it is a legitimate security service.

Lessons Learned

So, what did I get out of all of this?

  • Just because you've never run into a phishing scam in the past doesn't mean you won't in the future. I guess I am fortunate that it wasn't. But it does reinforce the need for us to be very cautious when we are making purchases online. This pertains to emails, web forms, URLs, etc. that may look legitimate. 
  • It's good to know that some part of my mind was alert during the process, though it would not have been any use because it was after the fact. I need to start thinking twice and being more cautious again - I've been letting up too easily. Always think twice about pressing the submit button, and if it doesn't feel right, don't take the risk. It's better to be safe than sorry.
  • Verified by Visa (and what was previously known as SecureSuite.net) is legitimate. It's basically a feature that adds an extra password to authorize online transactions with Visa cards, which the company claims improves/enhances account security.

Visa sure gave me (and I'm sure others as well) a scare there. Why are they using a third party for this solution? Why was I, a Visa customer, redirected to a site that was not owned by Visa? More importantly, why didn't they tell their customers about it or at least give a warning when purchasing online? Did Visa drop the ball on this? The author thought so, and I agree with him.

Of course, it is up to you (the reader) to determine whether or not you trust the site and the form. My experience with this incident turned out to be just a false alarm, but it doesn't mean that everyone else's will have the same result. As others have mentioned, the forms can be easily created by anyone who wants to steal personal information, so we need to be aware and alert when submitting information to merchants. So we'll leave it at that.
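Since the form itself can be copied by anyone, the thing worth checking is the host it is served from. The sketch below is an added example, not part of the original post: it compares a pop-up's URL against a short list of domains confirmed out of band and flags near-miss spellings. The trusted list, the distance threshold of 2 and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains confirmed out of band (e.g. with the card issuer).
# securesuite.net and visa.com are the two the post names.
TRUSTED_DOMAINS = ("securesuite.net", "visa.com")


def edit_distance(a, b):
    """Levenshtein distance; small values mean a near-miss spelling."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return a verdict string for the host a form is served from."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https" or not host:
        return "reject: not https"
    if parts.username is not None:
        # "https://trusted-name@other-host/" shows a trusted name before the "@"
        return "suspicious: userinfo in URL"
    for d in TRUSTED_DOMAINS:
        if host == d or host.endswith("." + d):
            return "trusted: " + d
    for d in TRUSTED_DOMAINS:
        if d in host:  # trusted name used as a subdomain of another site
            return "suspicious: embeds " + d
    # Naive registrable domain: last two labels (no public-suffix list here).
    tail = ".".join(host.split(".")[-2:])
    for d in TRUSTED_DOMAINS:
        if edit_distance(tail, d) <= 2:
            return "suspicious: resembles " + d
    return "unknown"


if __name__ == "__main__":
    for u in ("https://www.securesuite.net/csi/docs/contact_support.jsp",
              "https://securesuiite.net/login",            # constructed lookalike
              "https://securesuite.net.pay.example/form",  # constructed
              "https://shop.example/checkout"):            # constructed
        print(classify(u), u)
```

A "trusted" verdict only says the host matches a name on the list; whether a name belongs on the list still has to be confirmed separately, for instance with the card issuer.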

Now I am feeling much better.

My last order of business: Call credit card company and opt-out of the identity theft protection feature.

UPDATE (2/4/12)

Here's some additional information that I found around Verified by Visa. You can check out this URL for merchants that participate in the Verified by Visa program:

https://usa.visa.com/personal/security/vbv/index.jsp

One tip that I can suggest, which I am doing now, is to set up alert notifications of charges on your account (if your card provider has that feature), just so you know immediately when a card charge is happening. That way, you can keep a watch on any suspicious activity if you're still uncertain about Verified by Visa's validity.

22 comments:

  1. The verified by visa window that I have used many times before doesn't look anything like the one you posted here... hmm...

    It looks more like this: http://3.bp.blogspot.com/_cAau5b05hrU/STL4avHgFCI/AAAAAAAAANw/3NgKzBTpzrQ/s320/verifiedbyvisa.png

  2. Hey DY - You're right. That was the window I got, too. I failed to mention that the window I was referring to was the account management design and layout. Haha, sorry for the confusion there!

    But you use (have used) it, too, huh? So I can be at ease...seems like I'm the last person on this planet that found out about this, haha.

  3. Absolutely ridiculous. I ran into the same thing just now at newegg.com and have never seen it before in my life. It looks so shady and half-assed like the old AOL phishing websites. I'm also perplexed as to why I wasn't redirected to this website mere weeks ago when I bought a new laptop from newegg. Especially since I haven't changed, or added, any identity theft protection.

  4. @doug - Thanks for visiting and leaving a comment! I hear you. I had the same reactions when I first saw it. What really got me was that we, as consumers, are usually not notified of the payment/security features, which is a real major disruption in the overall experience of purchasing items online. But I hope it all worked out for you, though.

  5. it could be a good program. if instead of forcing you to use it you could opt in.

  6. @Anonymous - Thanks for visiting! I totally agree with you. I like having the option to opt-in if I wanted to.

  7. Thanks for doing the leg work on this issue! I just ran into it on a replica watch site (already pretty sketchy, mind you) and I was very skeptical. But I figured that, if you're fake, these scammers are doing one hell of a job. So, I feel more comfortable knowing that I'm probably not getting screwed, and if I am, I'm getting screwed by some people who are very good at their job!

  8. So glad I found this, I was looking everywhere to make sure whether the program/"security" feature was legitimate or not. Thanks for the post!

  9. Thank you for confirming. So sketchy...

  10. I don't believe it - just got an email to my secondary email account (read - virtually never use) for this Securesuite, AND I haven't made a Visa purchase in months, and it's telling me I'm verified for something I never signed up for! Sounds phishy to me! They want me to confirm my birthday and SS# Yeah - real legit for a real company!

  11. I have just received similar from santander@securesuite.net. Looks dodgy to me

  12. It's not legit, why would my bank use it and tell me to cofi information on my account randomly? Furthermore, why would the email have the CEO's signature?

  13. It's important for everyone to know that this could EASILY be replicated and put on another domain that looks somewhat like the original to trick you, so keep alert when doing so. The best options are to do it directly through your bank website. Check the URL more than once. A lot of people love to make scam websites with domains that have a letter in the wrong place, or the domain looks almost identical, especially if you only glance at it. This is a completely ridiculous thing that banks have had to do, and I think it's one of the worst business practices I've seen, specifically because they handle our money, and that it would all be much better if that even though the banks don't like that they have to do this, because it means they will now be more liable to return your money to you in case of some issue or fraud, instead of the merchant, that they at least EDUCATE their damn employees about it. After reading a lot of comments, I've found that so many people called their banks, and their card issuers etc, to find that none of the people ever knew what they were talking about, and MANY of them were so stupid they weren't even concerned about phishing or internet scams in the first place, and thought it was perfectly logical and fine to submit your confidential financial and personal information to some suspicious site that popped up, with a weird domain name, that you hadn't heard about, on a page with barely anything on it, that looks quite juvenile, and (apparently at least used to) has multiple spelling errors, and many other fishy things about it, which most people in today's world, would all send red flags up for......

    And people think education isn't a problem here...
    You know, it's really not even about school, it's about people learning common sense, and logic as they grow up. Deductive reasoning, making sense of things, being able to spot lies and scams etc.....things people learn by LIVING, and often not learned because their parents shelter and shield them too much, never let them get in trouble and learn lessons, and treat them like they're all stupid. Just look at cartoons nowadays, they treat kids like idiots....but you look back at stuff like Looney Toons for instance, and they used complex words and scenarios, and played symphony music, and you know, kids learn stuff through it. It's not hard to learn through television, in fact it's one of the best ways. Believe it or not, so are video games. Even the gorey ones people think are dangerous and useless. They teach all kinds of important life lessons. Not to mention, they help get out aggression, anger, stress and depression, they can help otherwise violent kids/people get out their urges to hurt others by releasing it in a harmless game. Ah, but I know I've gone rambling now, I'm just sayin', we need to stop making people so stupid, and more importantly.... HIRING them to be in charge of such important things like our money!!!

  14. I wouldn't trust them. I just got one of these popups and it looked pretty suspicious. I found this blog, which might be a scam itself.

    Look at their contacts page - as of May 2013, the Hours and Contact email are "TBD". Sorry, even if this is legit, I wouldn't just ANYTHING with these losers

    https://www.securesuite.net/csi/docs/contact_support.jsp

  15. THANX FOR YOUR POST. I HAD THE SAME SPIDEY SENSE TINGLING AND YOUR POST SAVED ME THE TIME OF SOME PHONECALLS

  16. So Creepy! I just ran into this for the first time ever. Terribly sketchy and unprofessional.

    And they just asked me for my card's PIN number too! No freaking way am I ever giving that out to anyone--especially in the same form as my card info!

    And the fact that a random blog post (this one--which let's face it, any scammer could easily put up--no offense) is the first thing that pops up when I try to verify it? That just makes it look more scammy than ever.

    No thanks. I can live without that particular online purchase.

  17. Like everyone else - I was very concerned about my Tiger Direct order. I cancelled out of it and everything. I was going to re-order my tv just using my paypal account....but then I would lose my 3% cash back on my mastercard.

    Thank you for your post. I'm $63 richer because of it!

  18. Thank you for your post! I'm away backpacking and bought flights on my card through my hotel's public computer, then received this seriously sketchy email - forwarded to Santander immediately but yet to hear back from them!

  19. Cancelled my VISA card because (efunds security suite) seems suspicious, just can't take the risk so I ended it.
    Yeah (efunds security suite) has positive reports and I'm probably overreacting but I just don't feel safe using it. Got an email back from them and a word was misspelled and that was enough for me to cancel my Visa card. . What a pain in the butt.

  20. For almost all Schengen visas You may submit an application form throughout 2 months previously the trip date. you should submit your own form at the very least One Visa 2 weeks previously your own journey starts, but pertaining to a few nationalities It may get between two IN ADDITION TO 4 weeks to be able to technique your visa application.

  21. Got one of these from Chase Bank today. Haven't had the card for over 10 years. Secure seems unlikely to me.

  22. So guys, what's the alternative way, or the solution for this issue? I would really want to buy what I ordered, but this thing is in my way and preventing me from paying the seller, so does anyone know how to safely purchase?!
