by Shrugs 2687 days ago
very awesome tech + privacy combo

Since fraud detection is done on-device, is there any clever encryption or security features that stop me from issuing a direct API request to the service with my (or someone else's) credit card info? If not, I'm worried that a technical fraudster could script their way around the ML model (and therefore not need the physical card), especially since cc lists are already nicely formatted. This would hurt pretty badly if the service assumes that DyScan is infallible and then doesn't have mechanisms for detecting fraud post-signup.

1 comments

Great question! The company that owns the app is ultimately responsible for the encryption there, but there are a few ways we can help out with that as well (sorry, I know this is a terrible answer - but it's best practice not to reveal too much about how the encryption works).