this post was submitted on 01 Sep 2023
4 points (75.0% liked)

Apple

561 readers
1 users here now

A magazine for news and discussion about a small Silicon Valley fruit company.  ### See also

founded 2 years ago
 

An inexcusable NYC subway security flaw has been revealed, allowing anyone with knowledge of a user’s credit card number and...

top 5 comments
sorted by: hot top controversial new old
[–] [email protected] 2 points 1 year ago (1 children)

anyone with knowledge of a user’s credit card number and expiry date to track all journeys made within the past seven days.

Honestly, if someone has your CC number and expiry date the last thing I would be worried about is them being able to see my history of subway trips.

[–] sramder 0 points 1 year ago

Probably, but I’d still argue that one of the things you shouldn’t have to worry about is that data easily revealing your location history. It’s just kind of a goofy feature for the transit system to offer that has a lot of abuse potential that most customers aren’t aware of.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

If 9to5Mac were run by reputable journalists, this poorly-researched article with its conspiratorial conjectures would have been taken down already.

The explanation for the Apple Pay aspect is something called the Payment Account Reference (PAR). Mastercard has a brief overview. Everything is working exactly like it is designed and as advertised. Apple Pay is not (and cannot) send your full real card number, but if you give a merchant your real card number, they can look up a reference number shared by every token associated with the card.

[–] reddig33 1 points 1 year ago

If someone has your credit card number, you have worse problems than being tracked through a subway station.

Also the MTA has already disabled the feature that allowed for this.

[–] isaachernandez 1 points 1 year ago