[sixtyj]

People should have a separate card for online payments and have just enough money on it for a payment.

I know that I am naïve :)

Back to the article: Weak point was a password that lead to another merchant not using 3D secure.

It seems from the article that bad actors have fully automated system, so (big) merchants should have handle automatic login attempts from the same ip address with different accounts. I see it from our wordfence logs that ip rotation is not so quick so it could be handled with some permanent ip blocking.

[kadoban]

Tbh, fraud for credit cards is covered by the bank, so I typically just don't care. I just check my statements for anything that looks off.

[Foofoobar12345]

Mercury now offers personal bank accounts. You can create virtual debit cards just like companies can with Brex/Mercury/Ramp etc.

[kodbraker]

I agree with the seperate card. That was my seperate card and luckily the amount was not quite big because of that.

>Weak point was a password that lead to another merchant not using 3D secure

Well leaking a password shouldn't cause leaking a whole ass credit card data imo. The same data is printed on physical receipts the markets print, sometimes 4 digits, sometimes 10 digits. It's still possible to brute force from unattended physical receipts on the market.

[stavros]

I think https://privacy.com is the best solution we can have with the current system.

[psychoslave]

My previous bank provided this virtual card service on demand. You create the card for a single purchase with a specific amount and that’s it. I moved to an other bank when getting an affordable mortgage loan became impossible in it for me.

[lxgr]

Why should they, if they're not liable for any resulting fraud of the status quo?

[mrbluecoat]

Not affiliated, but Capital One Eno virtual cards work well for this purpose.