Skip to content
Better HN
Top
Best
Ask
Show
New
Jobs
Search
⌘K
0 points
efdee
1mo ago
0 comments
Save
Share
If they haven't been redirected to their bank, verifying with their mobile banking app using a QR code will not work.
0 comments
5 comments · 2 top-level
top
newest
oldest
cortesoft
1mo ago
· 3 in thread
So I have to get out my phone every time I use my credit card on my computer?
ptman
1mo ago
Not credit card. Bank account. Webauthn/passkeys could also work for auth as they check the domain and can't be phished
jbverschoor
1mo ago
That’s why we don’t pay 3%+ on all transactions
cortesoft
1mo ago
I get 3% cash back, though.
ars
1mo ago
Can't the attacker just man-in-the-middle to the real bank, and show the QR code to the phone?
Does the entire transaction take place on the phone? I don't think that's a good option.
j
/
k
navigate · click thread line to collapse
