• PhobosAnomaly@feddit.uk
    link
    fedilink
    arrow-up
    16
    ·
    21 days ago

    Absolutely spot on, thank you - always handy to know.

    I’m wondering what it does to mitigate the “card not present” fraud though, for online purchases or remote purchases?

    • iii@mander.xyz
      link
      fedilink
      English
      arrow-up
      10
      ·
      edit-2
      20 days ago

      In my case, I have to verify online purchases on my bank’s app. Which makes online banking impossible without an android or apple phone.

    • Doxin@pawb.social
      link
      fedilink
      arrow-up
      5
      ·
      21 days ago

      As far as I understand it the pin&chip system involves a challenge/response between the bank and the card. You can’t just “clone” the chip, because the secret data it contains is essentially write-only.

      • PhobosAnomaly@feddit.uk
        link
        fedilink
        arrow-up
        7
        ·
        21 days ago

        Sorry, maybe I wasn’t clear.

        I’m assuming the 16 digit card number, start and expiry dates, and CVV are printed on the reverse - whereas it used to only have the CVV on the reverse and the rest of the details on the front.

        What’s stopping someone with a picture of the rear of the card visiting an online retailer and going wild with a picture of just one side of the card these days - aside from multi-factor authentication at the point of authorising the payment?

    • noredcandy@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      20 days ago

      There’s additional tools for e-commerce transactions like 3DSecure (step up authentication like an OTP) and passive identity verification tools.

    • dependencyinjection@discuss.tchncs.de
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      20 days ago

      I just replied this to the parent comment.

      Furthermore even if a card is skimmed these days, at least in the UK, it’s still unlikely transactions would be processed online.

      That’s because it’s become so commonplace now for transactions to pop-up in the banks app on the owners phone and they must confirm the transaction and / or receive a code via SMS. Some just use SMS as a means to confirm a transaction.

      I guess one vector for attack still remains and that is SIM swapping, but even that is more difficult these days due to widespread awareness from carriers.