We’re told never to enter our card details into an unknown popup window, and then Visa’s securty system asks us to do exactly that. We’re told that if we’re dealing with a reputable financial company, they’ll NEVER suddenly switch us to an unfamiliar domain name mid-way through a transaction. And that’s exactly what Visa does. Who the hell are securesuite? Never heard of them. Why isn’t the Domain explicitly a Visa site? That’d at least give us the comfort of knowing that if the domain was fraudulently labelled, that the owners were probably comitting an offence somehow. But if you enter your card details into a completely unknown domain whose name doesn’t hook up to anything you’ve ever heard of, and it goes wrong, then that’s negligence on your part. We’re told that any user who’d do this is behaving irresponsibly. But they still ask us to do it.

And it gets even worse.
One of the giveaway signs of a phishing site is that their domain is one letter away from that of another “respectable” domain (say, micrcsoft.com). “Securesuite” sounds like a one-letter spin on “securesite”, so the name immediately sets alarm bells ringing.

So who the hell at Visa doesn’t know these things? And what the hell are they doing being allowed to set up redirects and javascript stuff on a Visa security site?