Hacker News new | ask | show | jobs
by MertsA 4049 days ago
The problem I have with just about every payment processor out there is something that Bitcoin does well with from a protocol perspective. Right now you can copy a credit card with a mag reader in seconds, compromising some website that accepts credit cards means no limits to how much you can spend with other merchants, even having your credit card number stored in an RFID tag that can be read from a few feet away inconspicuously!

The status quo might mean that money can be clawed back after it's sent but identity fraud (or using someone else's credentials) should not be a problem in 2015, we've had SIM cards that can provide a secure method for identifying a physical device since the 90s. Why can't any payment processor come up with a decent alternative to having a magic number that you have to give out all the time that can be used to authorize arbitrary transactions? Maybe eventually every citizen will get a smart card of some kind and we can just use that.
3 comments
pjc50 4049 days ago
ApplePay potentially meets that description. Also, chip-and-pin cards.
link
geomark 4049 days ago
Estimates are that ApplePay is experiencing fraud rates as high as 6% at some banks.

http://money.cnn.com/2015/03/18/technology/apple-pay-fraud/

link
ubernostrum 4049 days ago
Except that entire issue really boils down to the incompetence of the banks; Apple Pay itself is fine, it's the initial step of having the bank verify and confirm the payment info being loaded in that's the problem, since the bank will "verify" that a dancing bear with a party hat and a clown nose is actually you.
link
frickingyc 4049 days ago
what do guys chooses for payment processing?
link
gress 4049 days ago
That is describing using Apple Pay as a way to tender already stolen credit cards and has nothing to do with the security of Apple Pay itself.
link
lawnchair_larry 4049 days ago
The end result is the same. It's just like using a stolen card.
link
coldtea 4049 days ago
We're not talking about the end result, we're talking about the security of a specific method of payment.

If we were discussing how insecure IE 6 is and how it can get you hacked, then the fact that using Chrome to directly give your info to a shady site can have the same result (get you hacked), doesn't say anything for the relative security of Chrome vs IE 6.

link
geomark 4049 days ago
That's right. ApplePay does nothing to mitigate the credit card fraud problem. And until banks get better at verifying a stolen card isn't being loaded into ApplePay the problem is actually much worse.
link
gress 4044 days ago
ApplePay does a huge amount to mitigate the credit card fraud problem for it's users. The fact that it can be used to process cards stolen others is irrelevant.
link
colechristensen 4049 days ago
You maybe should have noticed already, but this already exists and the transition is in progress.

http://blogs.wsj.com/corporate-intelligence/2014/02/06/octob...

You should have already (or very soon be) getting new credit cards in the mail with a SIM chip in them.

After October 15, 2015 credit card companies (instead of merchants) will be liable for financial losses due to credit card fraud where the consumer is forced to use the mag stripe. (In the US of course)

link
tluyben2 4049 days ago
We have been working on a solution for exactly that and it works well. Launching soon with actual product.
link