Why do debit/credit cards have PINs if someone who steals a card can just use it on the Internet without the PIN?
The contatctless payments are more secure, you can usually only use it up to a certain amount of money (~12.50 USD here) three times a day without entering a PIN, so you don't lose that much.
Why isn't the same required for Internet transactions?
>>51794756
Because credit card providers themselves have not seized the actual electronic transaction business.
And nobody else but them and banks usually is trusted with PINs?
They also probably thought it unwise to give home users access to the interface ATM use.
>>51794847
Then why do they even have PINs in the first place if the cards can be used without them?
>>51794914
For store use? See, trust in all these proprietary store payment terminals is better than in home endpoints... even if I have some doubts about it not being a lot of security theater, anyways.
I've always wondered this myself op.
You can even run them at the stores as "credit" to bypass the pin.
Everyone out here at least never checks for photo Id. Even handing the cards to them they just instantly swipe and don't even bother to look at the name on the card.
>>51794982
But.. if someone would steal your card, they could just type the numbers into some Bitcoin-selling service on their phone, then throw it away, or even return it.
It's like.. if you'd be able to login to your mail without a passwors, but only sometimes. Why even have a password in the first place?
>>51795032
I have no idea what swiping you are talking about. I haven't seen a terminal with that swipe thing since about 2010.
>>51795094
> But.. if someone would steal your card, they could just type the numbers into some Bitcoin-selling service on their phone, then throw it away, or even return it.
Only if the bank / credit card provider trusts that bitcoin-selling service?
Chargebacks and everything like that can happen...
> It's like.. if you'd be able to login to your mail without a passwors, but only sometimes. Why even have a password in the first place?
Because actually, yes, it's all a mess.
We'd always be using two (offline chip reader, pin?) or three factor (offline chip reader, pin, SMS code?) authentication otherwise.
But credit card providers still have their kinda levels of trust.
>>51794756
you need a valid address thats registered at the bank for an online transaction. if the payment address doesn't match your fucked.
>>51795094
>I haven't seen a terminal with that swipe thing since about 2010.
This is an Amerifat threat you buffoon
>>51795173
My address is in my wallet with my card.
>>51795179
I am OP.
>>51795208
>My address is in my wallet with my card.
Sounds like your mistake
>>51795208
google verified by visa
>>51795226
It's on my ID that I have to carry. And on my student's ID that I also have to carry.
>>51795243
How would that work for services that automatically pull from your card, like DigitalOcean?
>>51795243
I'm gonna use it now, thank you.
>>51795226
>your mistake
You mean you don't?
How do you get around without a drivers license?
>>51795288
what are you talking about a direct debit?
check direct debit guarentee bank will pay you if you didnt authorise it
>>51795243
This. Most European banks force you to use this for online purchases. Mine uses what they call a SIM app, which is completely distinct from an application running on the phone itself.
>>51795446
How would "verified by visa" work with services that charge your card automatically, eg. monthly?
>>51795243
THIS IS FUCKING BULLSHIT
https://translate.googleusercontent.com/translate_c?sl=pl&tl=en&u=http://www.ingbank.pl/indywidualni/karty/3d-secure
My bank already uses a variation of it that sends an SMS message.
IT IS OPTIONAL.
Most of the internet stores just don't use it. I've only seen it in action only a couple of times, most of those times I paid with PayU, a Stripe-like company.
>>51795536
>>51795744
Answearing my own question for anyone interested: it fucking takes money without asking for a password.
security my ass
http://www.zwipe.no/
Feels like a great idea to me. How to implement it for online usage? Bind your card to a phone with fingerprint scanner? Thoughts?
>>51796077
The thing is that we HAVE a solution (>>51795243) but nobody uses it because nobody wants to enforce it.
>>51796107
it's used all the time in the UK. Kind of annoying actually.
>>51796247
But are you still able to pay for something that uses the old system?
If yes, then it doesn't provide anything at all.
>>51794756
Its a two factor authentication, criminal can steal the card but not pin (he must get it some other way), when buying on the internet, criminal must know billing address, nowadays even stuff like browser agent and ip must match otherwise larger transactions will get flagget and stop being proccessed (or they might call registered phone number to confirm transaction).
