Credit card security in the US is based around two points:
1. Card-not-present transaction fraud is so easy that there's no point in putting any effort into making card-present transactions secure.
2. Vendors pay for card-not-present transaction fraud.
It's like worrying about the quality of your door lock, when the door is right next to a picture window, and someone else is paying for your insurance.

Full video on YT: https://www.youtube.com/watch?v=PPJ6NJkmDAo
For anyone looking for the TL;DW...
This takes 3 things to work.
1. iPhone
2. An Express Transit Card activated
3. The Express Transit Card is a Visa
Setting Express Transit Card to None will stop it, as will using a Mastercard instead of Visa.
Visa's position on this is that in-person fraud accounts for 2¢ out of every $100 spent. For them, it doesn't seem worth the investment for a very unlikely event, and the user is not responsible for fraudulent charges. The knowledge of this vulnerability has been out in the wild for several years, so it doesn't seem like it's been much of an issue in the real world. It sounds like they believe their efforts are better spent on other more impactful fraud.
Though it is a neat demo of what is possible, the tech behind it is interesting, and it does give some idea of red flags to look out for.

Yeah, as the video points out, the fact that Visa will refund your fraudulent charges depends on you noticing the charge. Of course, this isn't like a regular charge that can be snuck by you because it will show up on your phone. Maybe if someone ran it in the middle of the night then when you groggily check notifications it would be buried under a bunch of other notifications.