Last night I learned about another shortcoming of the
Verified by Visa program. A single authentication allows the merchant to complete multiple transactions, including past transactions which were stopped by Verified by Visa.
I had forgotten one aspect of my Verified by Visa password, and so I was unable to complete a
Newegg.ca order. I didn't get any confirmation and the order wasn't listed under the list of orders, and so I assumed the order was aborted. Then I reset my password and repeated the order. After I completed the Verified by Visa authentication, the old order appeared in the list of orders and proceeded as if I had authorized it. In fact, the single Verified by Visa authentication allowed four orders to proceed; each order had been split into two parts by Newegg.
This is not security. A Verified by Visa authentication does not prove consent for anything.
(Yeah, I was able to quickly contact a Newegg customer service representative and void the order. So, everything is ok. The only consequence is decreased confidence in Newegg's website and Verified by Visa.)