Hacker News new | ask | show | jobs
by hedora 2569 days ago
As an end user, how can I tell the modal dialog is actually my bank?

It looks trivial for the vendor to man in the middle attack.

I’d take my business elsewhere if presented with a UI from some random e-commerce site asking for extra personal information.
1 comments
HatchedLake721 2569 days ago
3D secure payments in Europe have been a standard for years - being presented with additional verification steps for online purchases.

Attacker cannot know who you bank with. Plus, most of the time the confirmation screens are something like confirming 2nd/Xth characters of your password/date of birth.

link
oakesm9 2569 days ago
I bank with Monzo and they send a push notification to my phone with an "Approve" button. No way to fake that.
link
plttn 2569 days ago
> confirming 2nd/Xth characters

That is somehow significantly less reassuring than not having 3D Secure payments in the first place.

link