
As an end user, how can I tell the modal dialog is actually my bank?

It looks trivial for the vendor to man in the middle attack.

I’d take my business elsewhere if presented with a UI from some random e-commerce site asking for extra personal information.




3D secure payments in Europe have been a standard for years - being presented with additional verification steps for online purchases.

Attacker cannot know who you bank with. Plus, most of the time the confirmation screens are something like confirming 2nd/Xth characters of your password/date of birth.


I bank with Monzo and they send a push notification to my phone with an "Approve" button. No way to fake that.


> confirming 2nd/Xth characters

That is somehow significantly less reassuring than not having 3D Secure payments in the first place.



