Comment by supertrope
3 years ago
Merchants are even more lax about card fraud than banks. The National Retail Federation complained about the cost of upgrading to chip readers. They asked the government to force banks to eliminate PCI DSS, which would make it even easier to commit credit card fraud. PCI DSS is compliance, not security, but without it retailers would literally do nothing. Some retailers tried to get customers to switch to QR code payments linked directly to your bank account. One of these payment apps, CurrentC, was immediately breached.
Smart cards were also breached before the US switched to them.
I'd object to paying for PCI DSS if I were them, to be honest. The idea that every merchant (or credit card reader) even has access to credentials is ludicrous.
The CurrentC breach was of email lists, not the payment flow. It's embarrassing, but still a better track record than the existing payment processors (which probably suffered 10,000s of payment flow breaches as I typed this).