by johncolanduoni 979 days ago
When performing this kind of verification, you can easily (and usually do) block cards from services like privacy.com by looking at BIN codes. I also don’t think spammers can get large numbers of unique DPANs from Apple and Google Pay since that involves a cryptographic exchange between your device and Apple/Google with involvement from your issuing bank.

Also most payment processors provide some sort of key that lets you identify if two users entered the same credit card number, for example Stripe[1]. So you’re not limited to last four digits for checking if two cards are the same.

[1]: https://stripe.com/docs/api/cards/object#card_object-fingerp...
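
The two checks described in the comment above, as an added example that is not part of the original comment or any processor's own code. `CardGate`, the BIN prefixes, the account ids and the fingerprint strings are all constructed; the fingerprint is assumed to be the per-card identifier a payment processor returns, such as the one on the linked Stripe card object.

```python
from collections import defaultdict

# Constructed placeholder BIN prefixes (6 or 8 digits), not real issuer ranges.
BLOCKED_BIN_PREFIXES = {"000001", "00000299"}

# How many distinct accounts may verify with the same underlying card.
MAX_ACCOUNTS_PER_CARD = 1


class CardGate:
    """Hypothetical signup gate: BIN blocklist plus fingerprint de-duplication."""

    def __init__(self):
        # processor-supplied card fingerprint -> account ids that used it
        self._accounts_by_fp = defaultdict(set)

    def check(self, account_id, bin_digits, fingerprint):
        """Return (allowed, reason) for a card presented during verification."""
        # BIN check: reject when the card's leading digits fall in a blocked range.
        if any(bin_digits.startswith(p) for p in BLOCKED_BIN_PREFIXES):
            return False, "blocked_bin"

        owners = self._accounts_by_fp[fingerprint]
        # The same account re-verifying with its own card is not reuse.
        if account_id not in owners and len(owners) >= MAX_ACCOUNTS_PER_CARD:
            return False, "card_reused"

        owners.add(account_id)
        return True, "ok"


if __name__ == "__main__":
    gate = CardGate()
    # Constructed sample signups: (account, leading card digits, fingerprint)
    samples = [
        ("acct-1", "41111111", "fp_constructed_A"),
        ("acct-2", "41111111", "fp_constructed_A"),  # same card, new account
        ("acct-3", "00000112", "fp_constructed_B"),  # blocked BIN prefix
        ("acct-4", "41111111", "fp_constructed_C"),  # same BIN, different card
    ]
    for acct, bin_digits, fp in samples:
        print(acct, gate.check(acct, bin_digits, fp))
```

Because the comparison is on the fingerprint rather than the last four digits, two different cards from the same BIN are treated as distinct while the same card number is caught across accounts.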

2 comments

Yes, you can block everything, but with every specific service blocked you limit your ability to accept new users. There are also legitimate banks that let you have 5-10 virtual cards or generate a unique card each time you pay.

Spammers do have a large number of unique phones in their farms as well as the budget to have undetectable rooting and hardware ID faking. And Google Pay / Apple Pay as well as the majority of banks actually do nothing to prevent you from adding your cards to 10 different phones.

Of course it all makes lives harder for everyone who wants to get a new account, but nothing, including literal ID / passport and face verification, makes it impossible to bypass.

You can get a ton of DPANs from Google Pay simply by logging in with a different Google account.