undefined

points

by lifeisgood9921 hours ago |

comments

by mrbluecoat21 hours ago|

[-]

I don't. GrapheneOS is worth the effort of pulling a card out of my wallet.

by gvurrdon10 hours ago|

parent|

[-]

In general I'd agree.

Curve demand a "video selfie" and I've never been comfortable with sending companies such biometric data.

by hparadiz19 hours ago|

parent|

prev|

[-]

It's infuriating that they won't do this for non Google Android. It's in the best interest of both the bank and the card owner. Credential theft risk goes down to basically zero when backed by a fingerprint authenticated virtual card.

by 62746718 hours ago|

parent|

[-]

I'm sure contrats between Google and banks provide the financial guarantees that not open-source project would be able to. Unless governments mandate there's zero interest from banks to put extra effort into building for unpopular solutions

by tombh13 hours ago|

parent|

prev|

[-]

What do you mean by credential theft? Stealing the numbers on the card or a malicious person triggering the contactless payment?

by hparadiz12 hours ago|

parent|

[-]

Stealing the numbers. Could've been someone taking a photo of the card out of sight. I honestly don't track my card that well when I'm out cause it's easy to have a transaction voided if it's legit not me. Then again cameras are everywhere now.

by jojobas19 hours ago|

parent|

prev|

[-]

Banks don't want the headache of supporting multiple weird phone OSes and it's understandable. As long as they don't require running an apple/google-certified device and OS I don't care.

by _carbyau_18 hours ago|

parent|

[-]

> Banks don't want the headache of supporting multiple weird phone OSes and it's understandable.

Commercially, this makes sense.

I am surprised that most nations of the whole world are fine with every citizen relying on one of two american companies for their lifestyle interactions though. I would have thought more nations would legislate their banks must support other options for sheer sovereign resilience.

by hparadiz17 hours ago|

parent|

[-]

> Commercially, this makes sense.

Does it though? The people in this thread are like "just use a card". Well I've done that for years and had my card skimmed, lost, and stolen over the years. The cost wasn't trivial either. The credit card company knocked it off my balance but also lost on sales when I didn't have my card while they issued me a new one. It cost the credit card company actual money in both lost sales and in dealing with the fraudulent transactions.

Now if I was allowed to use my rooted Android phone during those years? It would have been locked down tighter than the vast majority of Windows boxes.

People forget that one of the value-adds of credit cards in the first place is that suddenly you didn't have to walk around with a big wad of cash. Credit cards gave you that extra level of security. Even if someone stole it, it's useless to them as soon as you make a phone call to the CC company. We can verify a transaction with a yubikey-like secret store on your device that never shares the private key with the operating system and which generates a virtual credit card on the fly. That's literally how Apple Pay and Google Pay already work. So whether a device is rooted or whatever literally doesn't matter.

by 17 hours ago|

parent|

[-]

deleted

by microtonal13 hours ago|

parent|

prev|

[-]

Does skimming still happen a lot? At least in Europe we have switched from magnetic strip to chip-based cards, which are protected against replay attacks.

by hparadiz12 hours ago|

parent|

[-]

We have chips but magnetic strips are still on most credit cards and payments are still accepted that way in many older payments gateways. From what I read on the topic the cost of lost business if this was disabled is greater than eating the cost of skimmer attacks. There is a several year plan to phase it out entirely. It's mostly because initially when chips came out a lot of business owners were angry that they had to buy new payment machines and good luck explaining this to a none tech person.

by Liquid_Fire9 hours ago|

parent|

[-]

In the UK, many banks disable the magnetic strip by default, and you have to temporarily enable it from the bank's app/website if you want to use it.

You'd struggle to find a POS terminal that even has a reader for them in the UK. I've only ever had to enable them in the US or Japan.

by hparadiz3 hours ago|

parent|

[-]

The US first got magnetic strip readers in 1970 so we just have a ton of infrastructure using them. Since most people drive pickpocketing and things of that nature are much less of an issue for us. Typical use has someone using the card for everything then paying it off at the end of the month so if there's a random extra charge the credit card company will typically let it go to maintain the active user.

by throawayonthe12 hours ago|

parent|

prev|

[-]

whether a device is rooted kinda does matter from this pov as it undoes a lot of the security assumptions on android...

however grapheneos isn't rooted anyway

by hparadiz12 hours ago|

parent|

[-]

We're talking about just in time tokens that disappear after use. There's nothing you can do to defeat that on a rooted device. That's the whole point of the entire tech. That's why yubikeys are even a thing.

by jcul21 hours ago|

prev|

[-]

I'm in Europe, but I had accepted that I had to do without. I hadn't heard of curve, going to check that out.

by 400thecat10 hours ago|

parent|

[-]

the Play store reviews for Curve are attrocious, especially the most recent ones. Looks like Curve is absolutely unusable, for many reasons

by carlmr21 hours ago|

prev|

[-]

Garmin pay if you're ok with Garmin is one possibility.

by lucb1e20 hours ago|

parent|

[-]

It's even available in my country! Never heard of it, would have assumed it's not being sold here. Let's see what that costs when I click the "shop now" button that's front and center

> Attention required!

> Sorry, you have been blocked

> The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

Thanks cloudflare *handshake* garmin. I suppose I'll stay with chip and pin for now

by mendelmaleh14 hours ago|

parent|

prev|

[-]

They don't support amex or capital one, the two I use the most...

by wolvoleo20 hours ago|

parent|

prev|

[-]

They have an app for Android that can do NFC? I thought it was only for their watches. Thanks!

by drnick120 hours ago|

prev|

[-]

There is no replacement. Strap a credit card to the back of your phone or pay cash.

by fc417fc80219 hours ago|

parent|

[-]

Use a solvent to dissolve the plastic from the card then epoxy the extracted antenna and chip innards to the back of your phone case. Problem solved. (I'm only 50% joking, you can actually do this but maybe epoxy isn't the best option.)

by microtonal13 hours ago|

parent|

[-]

Somewhat similar, Polar sells a band with an NFC payment chip in it (no experience, just saw it the other day):

https://support.polar.com/en/payment-wristband

by llarsson10 hours ago|

parent|

[-]

Other solutions that use the same underlying technology:

https://fidesmo.com/consumer/wearables/

by mendelmaleh14 hours ago|

parent|

prev|

[-]

I'd like to do this, but epoxy it to a dress watch

by pona-a9 hours ago|

prev|

[-]

There are a few other banks running their own NFC payment systems, like Swedbank in my country.

by orthoxerox11 hours ago|

prev|

[-]

I am not North American, but instead of Google Pay I use my bank's app for contactless payments.

by kQq9oHeAz6wLLS21 hours ago|

prev|

[-]

I have these cards I keep in my (RFID-blocking) wallet, one for each credit account. Then I just pull them out and tap to pay. It's super convenient - no app required!

by Cider998620 hours ago|

parent|

[-]

What does RFID-blocking wallet do?

by ArmadilloGang19 hours ago|

parent|

[-]

People cannot steal your card info via proximity to your wallet over NFC if the wallet’s physical barrier blocks the RF signal.

by sneak18 hours ago|

parent|

[-]

People can't steal your card info via proximity to your wallet over NFC even without an RF blocking wallet. This is tinfoil hat security cargo culting, like putting tape over your webcam while leaving the laptop's microphone connected (audio from your room is much more useful than 2834823428 frames of your greasy face).

by wolvoleo17 hours ago|

parent|

[-]

No but they can steal up to the pin-free amount of money your card allows. They can just hold a sumup to your pocket. Here in Europe most people use debit cards with non-reversible transactions and that limit is often 70-100€ which is quite a lot of money where I live. And they can steal a lot more if they follow you and shouldersurf your pincode.

I definitely use one of those wallets. They're quite convenient too.

by mcsniff20 hours ago|

parent|

prev|

[-]

[flagged]

by dang19 hours ago|

parent|

[-]

Can you please not post aggressively like this? It's against the site guidelines because it destroys what HN is supposed to be for.

If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and taking the intended spirit of the site more to heart, we'd be grateful.

by thrownthatway18 hours ago|

parent|

[-]

[dead]

by Cider998620 hours ago|

parent|

prev|

[-]

The person mentioned it like it's a feature for them, but I haven't heard of it being anything other than a marketing gimmick, so I was curious for their perspective.

by okanat20 hours ago|

parent|

[-]

It just has a Faraday cage and blocks radio signals. That's it.

by Saris20 hours ago|

prev|

[-]

Cash for most things, and just use a card like normal otherwise.

I don't really see the appeal of contactless payment, pulling a card out really doesn't take much time.

by mixmastamyk17 hours ago|

parent|

[-]