"Frame inline displays the VbV authentication page in the merchant’s main window with the merchant’s header. Therefore, VbV is seen as a natural part of the purchase process. It is recommended that the top frame include the merchant’s standard branding in a short and concise manner and keep the cardholder within the same look and feel of the checkout process."More Banking Stupidity: Phished by Visa
Or, in other words: Please ensure that there is absolutely no way for your customer to know whether we are showing the form or you are. In fact, please train your customer to give their “Verified by Visa” password to anyone who asks for it.
Craziness. But it gets better - obviously not everyone is pre-enrolled in this stupid scheme, so they also allow for enrolment using the same inline scheme. Now the phishers have the opportunity to also get information that will allow them to identify themselves to the bank as you. Yes, Visa have provided a very nicely tailored and packaged identity theft scheme. But, best of all, rather like Chip and PIN, they push all blame for their failures on to the customer