You'll need to fake much more than just that. Usually the bank website will ask you to confirm the transaction by opening the banking app on your mobile phone.
> Trading a dependency on MasterCard and Visa for one on Google and Apple is at best a sidegrade.
That's really not how it works. You as the user are prompted to pick the bank you want to use, and then your bank prompts you to approve the transaction.
The only scenario I can think of that might involve google or apple is if you want to use Android or iPhone for mobile payments with NFC.
Not really, since in modern 3DS implementations, the redirect pretty much only shows a modal saying "check your phone for a notification and confirm this payment there".
Worst case, you'll be entering a one-time code received out of band, e.g. via SMS, and that message will mention what you are consenting to by entering it anywhere, so even MITM attacks are very hard.
The days of entering a static password in 3DS are long gone.
not really, the redirect itself is happening at EMV DS level, not by the merchant himself. Merchant has no idea what bank your card belongs to, so he does not know which bank to redirect you to.
You'll need to fake much more than just that. Usually the bank website will ask you to confirm the transaction by opening the banking app on your mobile phone.
Trading a dependency on MasterCard and Visa for one on Google and Apple is at best a sidegrade. More likely you end up worse off.
> Trading a dependency on MasterCard and Visa for one on Google and Apple is at best a sidegrade.
That's really not how it works. You as the user are prompted to pick the bank you want to use, and then your bank prompts you to approve the transaction.
The only scenario I can think of that might involve google or apple is if you want to use Android or iPhone for mobile payments with NFC.
Not really, since in modern 3DS implementations, the redirect pretty much only shows a modal saying "check your phone for a notification and confirm this payment there".
Worst case, you'll be entering a one-time code received out of band, e.g. via SMS, and that message will mention what you are consenting to by entering it anywhere, so even MITM attacks are very hard.
The days of entering a static password in 3DS are long gone.
not really, the redirect itself is happening at EMV DS level, not by the merchant himself. Merchant has no idea what bank your card belongs to, so he does not know which bank to redirect you to.