Bank passwords alone wouldn't work on any of my accounts because it would detect a different computer and request secondary authorization. It does this by looking at the information the browser sent...and...oh...oh. Geez I hate security theater. Is there anything less secure than the information sent by your browser?
It looks like their own ghetto implementation of Verified by Visa.
Verified by Visa is secure because it uses a shared secret (not terribly unlike how JWT works) for the merchant to redirect you to the bank (with information on what card you used), who verifies your username and password and that that is your card, who then redirects you back to the merchant with something that says "Yep, we verified them"
I don't think I've EVER had a VBV or Mastercard Securecode transaction actually work. I avoided buying stuff from NewEgg for a couple of years because of this.
My bank (Thailand) has VbV that requires me to set up personal phrase with the bank and that phrase is shown on VbV page. Also it sends SMS OTP to preregistered mobile number so I doubt any sites could fake that.
Verified By Visa happens immediately after you hit "pay", not a number of days later. Also, there's a number of implementations of it - some banks in the UK ask for a password you've set up previously, some don't, some ask for random other info. It is consistent between sites, though - it's bank-dependent, not site-dependent.
Bank passwords alone wouldn't work on any of my accounts because it would detect a different computer and request secondary authorization. It does this by looking at the information the browser sent...and...oh...oh. Geez I hate security theater. Is there anything less secure than the information sent by your browser?