SecureCode® is a program by MasterCard to have another (useless?) number you type in to use your credit card with certain merchants. You may remember when the CVV2 code was the NEW BIG THING that people asked for to make sure you were really the person using the card. (IMHO, each of these is perfectly useless once that bit of information is stolen. It’s an arms race where card ‘acceptors’ keep looking for a new bit of info to ask for, and thieves keep stealing it).
Yesterday, while making a purchase, I was asked for my SecureCode® for a particular credit card. I don’t remember it off the top of my head, and it’s not stored in my normal encrypted file of passwords. On top of that, I use No Script, which can make some JavaScript interactions tricky the first time you do them. You have to choose what domains to allow to run script.
With all that, I couldn’t get the purchase to go through at first because I didn’t have my SecureCode® card number. So I tried to get it from the issuing bank website, and got caught in a round robin of being sent to the mastercard site, my bank, and the merchant site. But somehow, with the various enabling and disabling of scripts, I WAS ABLE TO BUY THE PRODUCT WITHOUT EVER ENTERING THE SECURECODE®. I don’t know how much of a security failure this is, if at all, but it makes me think that SecureCode® is just another useless step that annoys me, and makes sure I won’t buy from that merchant again.