Y
Hacker News
new
|
ask
|
show
|
jobs
by
efdee
34 days ago
If they haven't been redirected to their bank, verifying with their mobile banking app using a QR code will not work.
2 comments
ars
34 days ago
Can't the attacker just man-in-the-middle to the real bank, and show the QR code to the phone?
Does the entire transaction take place on the phone? I don't think that's a good option.
link
cortesoft
34 days ago
So I have to get out my phone every time I use my credit card on my computer?
link
ptman
34 days ago
Not credit card. Bank account. Webauthn/passkeys could also work for auth as they check the domain and can't be phished
link
jbverschoor
34 days ago
That’s why we don’t pay 3%+ on all transactions
link
cortesoft
34 days ago
I get 3% cash back, though.
link
Does the entire transaction take place on the phone? I don't think that's a good option.