Consumers will be able to make one-click payments at the checkout page using biometric authentication with a thumbprint
That's a nope from me, dog.
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
Community Rules
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]
Notable mention to [email protected]
Consumers will be able to make one-click payments at the checkout page using biometric authentication with a thumbprint
That's a nope from me, dog.
This is likely something like a FIDO token/passwordless setup of some sort (i.e. Windows Hello).
The thumbprint would just unlock the hardware device, so the thumbprint itself wouldn't need to be transmitted to your credit issuer. This gives you full two factor authentication of your identity because you need the hardware device (something you have) and your biometric (something you are). They also often allow pins (something you know) instead of biometrics as the second factor.
Yeah, I’m not giving them biometrics. There had better be an alternative option.
The first thing I thought was "what's the alternative?" If I don't do biometrics on my phone then why would I do it for my credit card? I'm American so I don't have to worry about this yet but it's probably an indicator of what's coming here.
It'd be cool if they had a yubikey integration or some other hardware based solution where you must physically present it.
I might be wrong, but I think they will probably let the OS handle the biometrics offline, which means that they won’t have access to your biometrics, they just work with cryptographic keys. Otherwise it doesn’t make sense, as apps usually don’t have direct access to the fingerprint reader. It will probably be similar to how a passkey works.
Sure. Because "working with banks, fintechs, merchants" was a swift friendly collaboration when moving to chip and PIN...
(/sarcasm ... Because it was not.)
I'm pressing X to 'doubt' on this one.
Edit: I'm American. It's a good point that Europe has historically done a much better job with payment security.
In Europe it was relatively smooth though, in my experience. I worked in a shop when it was rolled out. I'm guessing you're American?
Good guess.
Your banking systems are two decades behind everyone else. Please rejoin this thread in 2044 thanks 😂
Ouch. But very fair.
I’m always down for stuff like this but it doesn’t sound much different from having to approve the payment in the app or using one of those single-use cards. I’ll wait and see how the passkey works.
no more custom roms if you want to actually pay for stuff. awesome.
Interesting but I just memorized my card numbers. It's incredibly convenient and I recommend everyone to do it.
This might improve security though, because instead of using the same numbers everywhere you use different tokens everywhere.
It would be cool if computers could use their smart card readers (Chip and NFC) to pay stuff online.
Oh fuck that so much
If NFC was ubiquitous across all devices I could see something like this working relatively easily. But given the matrix of devices, operating systems, web browsers, apps, etc. I don’t see this as an easy task at all…
But guys! This isn't going to be hackable at all! And it's certainly not going to be a problem for problematic gamblers or anyone with compulsive spending habits
That isn't a concern and it shouldn't be. People are responsible for themselves, why should I be inconvenienced because progressive iterative improvements could negatively impact a select few people that are entirely responsible for themselves?
As for hackable, they would not do it unless it was more secure and if it is easier for the consumer what is the problem. Fraud protection is standard here anyway, never heard of someone not getting their money back when someone else uses their account.
consumer
We aren't consumers, We're citizens, we're customers, we're users, but we aren't consumers.
Cars consume gasoline and diesel, fire consumes whatever it's burning, but people are people.
You are a consumer don't be pedantic, you are creating the negative connotation.
This feels like a really good idea. I hope we get this in Canada too