Pherified by Phisa

As Mr Coward says above, the real scam is Verified by Visa/MasterCard SecureCode. This brilliant piece of security theatre adds no real protection to the transaction. It does however force banks and retailers to interrupt transactions with either a pop-up or an iFrame (both security nightmares). The screen that appears lacks the full branding and looks amateurish. Customers are confused by it, so the retailer/bank loses sales, or has to deal with increased call-centre traffic. The long-term effect is that customers get used to random, bodged-looking pop-ups appearing during transactions. The phishers then won't even have to try to make their screens look real. Smacks of the kind of dumb idea thought up by a CEO, then half-assedly implemented by staff who know it's doomed to fail.