The big problem with the VbV insanity wasn't the current platforms. It
was largely the user experience — a frame in the browser, where they
can't *tell* that it's actually from a trusted site; it appears in a
page that's on the "untrusted" merchant site. Into which you're expected
to type parts of your password. Any sane person refused to use it
VbV was just another case of banks actively *training* their customers
to succumb to fraud. Just like when they send non-S/MIME-signed email.
I'm pleased to see it being phased out, at least in its current form.