• PhobosAnomaly@feddit.uk
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      18 days ago

      As entertaining as that is, it does raise the question - why do they put all of the details on the back now?

      I thought one of the main reasons that the CVV was on the signature strip was so if a card was photocopied, photographed, or carbon copied (literally on carbon paper), then it was still less possible to clone the card.

      Is “physical” cloning so small of a problem now that it’s more beneficial to make fancy looking cards? Anyone in the industry able to shine a light?

      • ayyy@sh.itjust.works
        link
        fedilink
        arrow-up
        0
        ·
        18 days ago

        It’s literally because vain idiots kept posting pictures of their credit card online and getting defrauded.

      • noredcandy@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        18 days ago

        This is an EMVCo chip card, and not an American one so it’s chip and pin most likely. Without getting too detailed, the chip generates a one time use code for each transaction, so just having the number wouldn’t help with cloning the card plus you also would need to know the PIN. Although skimmers still exist and physical card theft is a thing, it’s less common especially in markets that use chip and pin.

        • prole@lemmy.blahaj.zone
          link
          fedilink
          arrow-up
          0
          ·
          18 days ago

          I’m in the US, and all of my cards have the numbers on the back now, and they’re not raised. I’m pretty sure we transitioned to chip and pin like a decade ago.

          • dan@upvote.au
            link
            fedilink
            arrow-up
            0
            ·
            edit-2
            18 days ago

            The transition to contactless (where you tap your card or phone instead of inserting the card) took so long in the USA though. It only really became popular during COVID and with Apple Pay. Home Depot finally enabled contactless payments recently. In Australia, we were using contactless payment 15 years ago!

            US banking is behind in a few other ways too. Apps like Venmo and Zelle just don’t exist in some other countries since you can easily do an instant transfer through your bank to anyone else for free. Some US banks still use SMS for two factor auth, which is insecure.

        • PhobosAnomaly@feddit.uk
          link
          fedilink
          arrow-up
          0
          ·
          18 days ago

          Absolutely spot on, thank you - always handy to know.

          I’m wondering what it does to mitigate the “card not present” fraud though, for online purchases or remote purchases?

          • Doxin@pawb.social
            link
            fedilink
            arrow-up
            0
            ·
            18 days ago

            As far as I understand it the pin&chip system involves a challenge/response between the bank and the card. You can’t just “clone” the chip, because the secret data it contains is essentially write-only.

            • PhobosAnomaly@feddit.uk
              link
              fedilink
              arrow-up
              0
              ·
              18 days ago

              Sorry, maybe I wasn’t clear.

              I’m assuming the 16 digit card number, start and expiry dates, and CVV are printed on the reverse - whereas it used to only have the CVV on the reverse and the rest of the details on the front.

              What’s stopping someone with a picture of the rear of the card visiting an online retailer and going wild with a picture of just one side of the card these days - aside from multi-factor authentication at the point of authorising the payment?

          • iii@mander.xyz
            link
            fedilink
            English
            arrow-up
            0
            ·
            edit-2
            18 days ago

            In my case, I have to verify online purchases on my bank’s app. Which makes online banking impossible without an android or apple phone.

        • dependencyinjection@discuss.tchncs.de
          link
          fedilink
          arrow-up
          0
          ·
          edit-2
          18 days ago

          Furthermore even if a card is skimmed these days, at least in the UK, it’s still unlikely transactions would be processed online.

          That’s because it’s become so commonplace now for transactions to pop-up in the banks app on the owners phone and they must confirm the transaction and / or receive a code via SMS. Some just use SMS as a means to confirm a transaction.

          I guess one vector for attack still remains and that is SIM swapping, but even that is more difficult these days due to widespread awareness from carriers.

    • r00ty@kbin.life
      link
      fedilink
      arrow-up
      0
      ·
      18 days ago

      When I made a new linux install I chose Arch. I think for me the reasoning is thus. While I have a LOT of experience with unborking server linux installs, with desktop it’s just a pain to deal with. I previously used Manjaro which, while very easy to install, does obfuscate a lot of what happens behind the scenes. When it goes wrong, personally I found it harder to fix.

      With Arch, beyond enough to give me a terminal and basic gnu tools, I’ve chosen what I install from then on. I think that means when things go wrong there’s a much higher chance I’ll know what it is and how to solve it.

      Time will tell if this plan works out or not though :P