Hacker News

> should redirect me to my bank

Eugh. The problem with that is that people don't verify they've actually been sent to their bank. An attacker will set up fake merchant sites, pay for Google ads to get your traffic, then have you log into your bank to pay for things.

The more we normalise this, the quicker people will fall for it.




If they haven't been redirected to their bank, verifying with their mobile banking app using a QR code will not work.

Can't the attacker just man-in-the-middle to the real bank, and show the QR code to the phone?

Does the entire transaction take place on the phone? I don't think that's a good option.


So I have to get out my phone every time I use my credit card on my computer?

Not credit card. Bank account. WebAuthn/passkeys could also work for auth as they check the domain and can't be phished.

That’s why we don’t pay 3%+ on all transactions.

I get 3% cash back, though.


