• 9point6@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    5 months ago

    Phone payments are magnitudes more secure than card payments as they basically are equivalent to using a brand new card and throwing it away for each transaction (in simplified terms)

    • lemmyvore@feddit.nl
      link
      fedilink
      English
      arrow-up
      0
      ·
      5 months ago

      That’s what the chip on the card does too. It’s an embedded computer that generates one time codes just like the phone.

      The main difference is that the phone typically has an extra security measure, like requiring the screen to be on to pay (but you can get a mesh wallet which prevents tap from working); or the phone needs to be unlocked, which is actually useful.

      • linearchaos@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        5 months ago

        You still need biometrics, passwords, pins.

        I get the nerves, but I can’t find any reasonable way it’s less secure

      • Zagorath@aussie.zone
        link
        fedilink
        English
        arrow-up
        0
        ·
        5 months ago

        It’s still safer. They can steal your wallet and pay for anything trivially. If they steal your phone, they have to be able to unlock it to pay with it.

        • lemmyvore@feddit.nl
          link
          fedilink
          English
          arrow-up
          0
          ·
          5 months ago

          Anything up to a certain amount. All the banks here have configurable limits for contactless payments (both in number of payments per day and in total amount). If you go over the limit they ask you to confirm in a way that requires the phone anyway. You can also block the cards remotely.

          I’d say it’s a decent mix of convenience and security, even if you use cards.

          And sometimes you have to resort to using cards because some banks have been migrating from using the NFC directly to using Google Pay and I for one don’t relish giving Google insight into my shopping.

          • Zagorath@aussie.zone
            link
            fedilink
            English
            arrow-up
            0
            ·
            5 months ago

            If you go over the limit they ask you to confirm in a way that requires the phone anyway

            Oh interesting. Where I am if you go over the limit (usually $100), you just have to input your PIN. But $100 is enough to get up to some serious trouble, considering it’s a per-purchase limit.

            And I’ve both never heard of banks using the NFC directly (as opposed to using Google, Apple, Garmin etc. Pay), and wouldn’t trust them in the slightest with it even if they did offer it, because they’re not exactly known for great security. (And I’ll take security over privacy any day.)

            • lemmyvore@feddit.nl
              link
              fedilink
              English
              arrow-up
              0
              ·
              5 months ago

              They ask for PIN too but that’s a different limit ($20 by default but also configurable). The limits I mentioned block payments for the day if not confirmed.

              never heard of banks using the NFC directly

              Really? I’ve never heard of Garmin Pay. 😄 But that’s the whole point of the NFC chip being open on Android, so apps can use it directly. On iPhone it’s an artificial limitation imposed by Apple so they can take their cut from payments and have a processor monopoly. On Android any app can just do it — not only banking apps and not only payments, the NFC can be used for lots of things like opening doors etc. There are apps like meal tickets that can issue payments, gym apps and so on. Giving that up and going with Google is extremely narrow sighted.