Comment by jonkoops
4 hours ago
> After typing your card numbers
Yes, but the whole point of Wero is that you don't have to type in a bunch of info that can be easily stolen. With Wero (and many other international solutions), you just scan a code with your phone, and your banking app handles the transactions. The existing legacy solutions are just duct tape on an existing system.
If 3DS and chip + PIN card usage were ubiquitous, the value of a stolen card number and even card would be zero, and this entire problem would go away.
Unfortunately, legacy deployments have just proven too pervasive to effect real change, even with substantial incentives, especially in early card adopting markets such as the US.
Aren't they ubiquitous and required at least for 5-10 years now?
The US essentially uses neither 3DS nor PINs.
But what's the value of stolen card data? It always requires 2FA to be used. It's just routing information to your bank.
Are there still cards that work without 2FA?
So you have to use a phone or does it work without one?
Does it handle credit card payments?
The QR code just contains a URL to a website, so you can also just use that link and a web browser. That website will let you choose which bank you use, and then redirect to your bank's website which will use your bank account directly. I don't think it works with cards at all.
Thanks, that sounds pretty good.
Does it mean that instead of depending on the Visa/Mastercard duopoly you now depend on the Google/Apple duopoly?
If using a phone, yes, but then you probably already did.
Of course not, since you can just install the Android app on your free software aftermarket OS. Surely banks wouldn't require hardware attestation or monitor your device for being rooted, would they? /s
Irony aside, yeah, this is a significant downside compared to hardware-based standards. Not so much for Android, as Google Pay and most competitors are implemented in software, but on a hypothetical iPhone or Garmin device running an open OS (don't laugh, it's a thought experiment), payment data security would be not much of a concern since all payment keys live in a secure and completely separate chip.
If this system is ubiquitous stealing your card number would be useless. Your card number becomes a user name like jonkoops that you would have no qualms sharing.
> you just scan a code with your phone,
And authorize yourself with the banking app, and, and...
It's not less complicated than auto filling credit/debit card details with your finger print on your phone or laptop.
For consumers, Wero, Pix, and similar systems only have down sides for online use. The most important down side is that you can't reclaim your funds if you've been the victim of fraud. Which you can when paying by card.
Has nothing to do with the steps