This is one of the concerns I raised with Visa and MC in my previous life working for the "other" global scheme and is principally the reason why the "other" scheme sat tight before launching their own version.
IMHO Visa rushed to market with VbyV - I was at the Cybersource sponsored CNP workshop where their new boy announced the service and proclaimed "chargebacks are a thing of the past for CNP merchants". A slightly OTT claim given the subsequent back peddling over CB codes that are infact covered by VbyV and the easy way a V issuer can simply find another reason to CB.
In principle if the box is suppressed and the Cardholder doesn't see it the transaction should freeze. If it doesn't and is allowed to continue then guess what - you're liable.
Couple this to the service's exposure to phishing and the appalling take up rates and again, IMHO, the service will either wither on the vine or have to go through some radical changes before widespread issuer acceptance.
Also, be careful when assuming all V or MC transactions are covered. Read the small print and you'll realise only certain card markets are afforded even the limited CB protection by these services so you'll still need to parse country of origin to ensure you are covered.
When I left the "other" scheme back in June there was huge discussion in the "industry" about these two services - not least amongst UK issuers and acquirers who were stressing out about the cost of a) the fallback to the Issuer and b) the cost and complexity of implementation for merchants (a simple API these ain't) c) the perception of merchants as to it's value.
Speaking as one who has lived a while on "the dark side" as merchants regard it, there is a genuine desire to find the "Holy Grail" in CNP payments that will perform the basic function of "accept payments this way and you are guaranteed payment". I myself got my scheme to the point of "almost" being able to offer that - a chance in a billion of getting it wrong meant we didn't go to market.
I'd ask some very probing questions of anyone offering you this or any similair service. Just exactly which liabilities am I being released from? What happens if the pop up is supressed? What other reasons can be used to execute CB?
Bear in mind that UK Banks at least have publicly voiced the opinion that people who are phished should be liable for any and all losses (negligence in the banks eyes) it may not be too long before VbyV and other similair schemes usefulness in cardholders eyes diminishes with successful phishing attacks.
Watch this space for EMV in a CNP environment. Shouldn't be too long before that's on offer - just got to get Cardholders in the right frame of mind and prove the technology :)
Same goes for Chip & PIN in the UK. The Card Issuers will be laughing - merchants won't. The France experiment seems to only be reported one way - resounding success! For the French issuers, undoubtedly. For foreign issuers and French merchants - not really. Inbound fraud shot up - so much so that the France infrastructure had to be upgraded intoto to perform 100% live auth on all inbound spend - a nightmare given the then weak state of the telecoms infrastructure.
Fraudsters aren't dumb. The majority of worldwide loss goes to highly intelligent and driven groups organised much on the same lines are corporations.
They have figured the Chip & PIN rollout as an "expense" and are already finding ways round it. The migration to CNP environments is one example - also watch for an initial sharp increase on fall back to magstripe as retailers try to get their heads round the new reality of acceptance - all it takes is some clear nail varnish to render a chip useless and the humble magstripe is in use again.