
Verified by Visa or useless verification

In theory, the Verified by Visa mechanism gives the buyer double protection. Firstly, it confirms the authenticity of the seller. Secondly, it protects against unauthorized transactions by requesting a password to confirm the transaction. In practice, it is possible to carry out an unauthorized transaction. I find it hard even to call this a vulnerability, since the system provides it by design. But if so, then the question is: why?
Below I describe what happened to me today.

1. When I tried to pay with a Visa card, the seller redirected me to the issuing bank's website with the Verified by Visa mechanism. I had registered for this service a long time ago, several years back, and had not used it since. I was not sure of the password. Not a problem: there is an option to reset and change the password.

2. Using this option, I went to the data entry form to reset the password. The password reset mechanism did not accept my data and produced an error saying that some of the data could not be confirmed (which is understandable; there is no need for an attacker to know which data). The system also indicated that a confirmation code would now be required, which must be obtained from the issuing bank.

3. It is logical to assume that at this stage, when the transaction is retried, the system will expect a confirmation code issued by the bank (which, by the way, I did not request). It turned out otherwise: the system asks for neither a password nor a verification code, but immediately shows the password reset form again. I re-enter the data, and step 2 repeats.

4. At this stage the process caught my interest, and I decided to check whether there is a limit on the number of attempts. I did not count exactly, but the limit was reached rather quickly. After it was reached, the system displayed a message saying the limit had been exceeded. But the most interesting part was a little lower, where the system reported that I could still complete the transaction, but it would be unprotected.

5. Going back to the seller's website, I repeated the payment attempt. The payment went through immediately, bypassing the Verified by Visa mechanism.
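The five steps above describe a step-up check that fails open: once the reset limit is hit, the payment is approved with no verification at all. The following toy model is an added example, not code from the post or from any bank or card scheme; the service, card record, limit value and sample card data are all constructed. It replays the sequence against two policies so the difference between the observed design and a fail-closed one is visible in a single branch.

```python
import hmac
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed value for the toy: failed reset attempts allowed before lockout.
MAX_RESET_ATTEMPTS = 3


@dataclass
class CardState:
    """Issuer-side record for one enrolled card (hypothetical structure)."""
    password: str
    secret_answer: str  # the data the reset form asks the cardholder to confirm
    failed_resets: int = 0
    locked: bool = False


class StepUpService:
    """Toy model of an issuer's step-up check (constructed for illustration).

    fail_open=True  reproduces the behaviour described in the post: once the
                    reset limit is hit, the payment is let through unverified.
    fail_open=False is the defensive alternative: a locked card is declined
                    until the cardholder re-verifies out of band.
    """

    def __init__(self, fail_open: bool) -> None:
        self.fail_open = fail_open
        self._cards: Dict[str, CardState] = {}

    def enroll(self, pan: str, password: str, secret_answer: str) -> None:
        self._cards[pan] = CardState(password, secret_answer)

    def reset_password(self, pan: str, answer: str, new_password: str) -> str:
        """Steps 2-4 of the post: the reset form with an attempt counter."""
        card = self._cards[pan]
        if card.locked:
            return "limit exceeded"
        # Constant-time comparison so the check itself leaks nothing by timing.
        if not hmac.compare_digest(answer, card.secret_answer):
            card.failed_resets += 1
            if card.failed_resets >= MAX_RESET_ATTEMPTS:
                card.locked = True
                return "limit exceeded"
            return "data could not be confirmed"
        card.password = new_password
        card.failed_resets = 0
        return "password changed"

    def authorize(self, pan: str, password: Optional[str]) -> str:
        """Step 5 of the post: the merchant retries the payment."""
        card = self._cards[pan]
        if card.locked:
            # The entire difference between the two designs is this branch.
            return "approved (unverified)" if self.fail_open else "declined"
        if password is not None and hmac.compare_digest(password, card.password):
            return "approved (verified)"
        return "declined"


PAN = "4000-TEST-0000-0001"  # constructed sample card number, not a real PAN


def replay_post(fail_open: bool) -> str:
    """Replays steps 1-5 against one policy and returns the final outcome."""
    svc = StepUpService(fail_open)
    svc.enroll(PAN, "forgotten-pw", "correct-answer")  # constructed sample data
    # Step 1: the cardholder does not know the password, so the payment stops here.
    first_attempt = svc.authorize(PAN, None)
    assert first_attempt == "declined"
    # Steps 2-4: wrong reset data is entered until the limit is reached.
    for _ in range(MAX_RESET_ATTEMPTS):
        svc.reset_password(PAN, "wrong-answer", "new-pw")
    # Step 5: the payment is retried with no password at all.
    return svc.authorize(PAN, None)


def legitimate_reset() -> str:
    """Control case: a correct reset followed by a verified payment."""
    svc = StepUpService(fail_open=False)
    svc.enroll(PAN, "forgotten-pw", "correct-answer")
    svc.reset_password(PAN, "correct-answer", "new-pw")
    return svc.authorize(PAN, "new-pw")


if __name__ == "__main__":
    print("observed design:", replay_post(fail_open=True))   # approved (unverified)
    print("fail-closed    :", replay_post(fail_open=False))  # declined
    print("legitimate     :", legitimate_reset())            # approved (verified)
```

The point of the model is that the rate limit itself is fine; what matters is what the `locked` branch in `authorize` does. A limit that ends in "approved (unverified)" turns the lockout into the easiest path to an unverified payment, whereas declining until the cardholder re-verifies out of band keeps the limit and the step-up check consistent with each other.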

In general, it turns out like the joke about the Chinese and the password: the system can simply be worn down ("zadolbat") into allowing the transaction.

Source: https://habr.com/ru/post/123843/
