I found a reasonably priced camera from warehouseexpress.com to replace my fairly new, but broken Panasonic Lumix DMC-TZ7. Display of TZ7 broke and I found out that it's not covered by warranty and replacing the display would cost nearly as much as a new camera. So, it made sense to cover the damage from home insurance and buy a new camera.
Unfortunately I found out, that Warehouseexpress, paying with Visa using Verified-by-Visa and authenticating VbV with Finnish banks authentication standard, Tupas, doesn't work nicely together.
Problem was, that when I tried to actually pay the camera, Tupas-authentication information was only partially visible. Especially the OK-button was not there to use.
I tried with three different browsers: Chrome (my primary browser), Firefox (backup browser, since Chrome doesn't support all features and plugins) and IE (last resort for badly design web-sites). None worked.
Finally I did some guessing when I can safely press Enter and the payment went through (I think). Unfortunately the online shop's display was still messed up and I didn't get to the final stage for order number and receipt. So, I don't know if I managed to order my camera or if I actually ordered it several times. I'm waiting confirmation from both Warehouseexpress and bank's customer service.
This was a bad example, how three separately designed functions doesn't work together. Warehouseexpress designed online shop and wants to enable credit card payment. Visa has designed VbV and allows integration of separately designed Tupas-authentication.
I don't know what really went wrong, but my guess is the following. Tupas-authentication is done by redirecting web-browser to bank's web-site, which returns information about success/failure and user identification. I guess that Warehouseexpress didn't want to show customer the web-site change and tried instead to embed Tupas-authentication using some tricks (frames or similar). Problem was, that Warehouseexpress didn't know how Tupas works. VbV supports several authentication methods and Tupas is just one of them. Warehouseexpress should have allowed authentication to happen in separate window instead of trying to fool customer to think that authentication is part of web-site's own functionality.
I haven't used VbV + Tupas for a long time, since I have used Finnish electronic identity card (smart card) for authentication to online bank and VbV + Tupas combination was not supported with eid-card. However, Finnish eid-card is going down to drain and it's not supported by online banks anymore. Therefore I had to downgrade authentication back to paperslips and OTP/TAN.
I also noticed that because Tupas uses social security number for user identity, online shop will get my SSN too! In this case the Warehouseexpress got both my credit card data and my SSN, which is unnecessary and stupid. I also wonder, why I need to give not only credit card number, but also expiry date and security code? It should be enough for online shop to get CC number, use VbV and get banks verification without SSN. But what I know?
