Comment by adev_
3 hours ago
> Doing it right is exactly the thing that makes this impossible. [...] do you really think that database will never be breached? It would become the prime target for all attackers in the world.
Critical data is always better in the hand of a few (trustable) than in the hands of many.
That is currently the exact reason why you are using Paypal instead of giving your credit card number to everybody.
That is the exact reason why you are using a password manager.
A lot about security is about who you trust, and for how long.
I don't use Paypal. My credit cards protect me from fraud. And it rarely happens. In fact it's been well over a decade since I had a fraudulent charge on any of my payment cards. Funny how when there's motivation, protection happens.
> My credit cards protect me from fraud.
Your credit card protect you against nothing. Reimbursement in case of fraud is not fraud protection, it is just bare minimal customer service.
In fact, the first thing your bank will do when your credit card number has been leaked and was used for a fraud... is to replace your credit card.
Because they know that, when the number is in the wild, it will happen again. The system is inherently insecure in case of dataleak.
Visa and Mastercard spent decades and millions constructing systems like "3D secure" supposed to protect again that by enforcing external authentication factors. But since the system is not enforced in every country, it is still a problem today.