Bank of America's SafePass is an example of an SMS-based multi factor authentication tool. I use SafePass in specific steps of my online banking life. Should BofA integrate its SafePass method with VCAS, it could prompt me via SafePass if it sees a risky transaction. A SafePass prompt would appear, I'd say "send the text", and enter the value I receive on my mobile into the prompt box. I would not be shown an online portal window requesting my online banking credentials.
How VCAS Works
It's About the Merchant AND the Financial Institution.
Visa's been working on recruiting financial institution support for VCAS. But it's early days for merchants. They'll have work to do. And Visa isn't sharing performance metrics yet. Those metrics will vary widely depending upon the merchant category.