They could send an email to the owner of the account asking to reauthenticate the card (re-enter the numbers & CVV, go through 3D-Secure or provide a picture of the card or bank statement).
This would mitigate incidents like this - as far as I’m aware the attacker doesn’t actually have the card number, so giving them 24 hours to confirm it (or the card gets removed after that) would be a good solution while remaining only a minor inconvenience for legitimate usage (realistically speaking, how many online stores that might have your card number are malicious enough to call companies and try to get your accounts shut down, with no benefit to themselves?).