Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Note that if Visa/MasterCars were to force two-factor (or 3DS how they call it) the cardster business would be severely hampered, as one could not simply copy dumb credit card numbers around.

But they do not so, because the fraud cost is paid by merchants (fines, fraud buffer in fee %) and ultimately the consumers as higher prices. Fraud does not hurt Visa/MasterCard bottom line.



> were to force two-factor...

Q: How secure is the "forgot 3DS password" functionality on 3DS-enabled cards?


It depends on a bank. It can be a mobile app based, but is often SMS based.

Still orders of magnitude safer than without.


This is about to happen in the EU due to a regulation called PSD2. It's started to be phased in but will kick in properly in September.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: