• Trainguyrom@reddthat.com
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    1 month ago

    Sounds like a good opportunity to redirect to a fake version of the bank’s website.

    Honestly I think the best solution is a revokable token from your bank that you can give to a merchant. One token per merchant, make it easy to revoke as the user sees fit. If you see a charge on the token from one merchant by someone else it’s immediately obvious that token and possibly that merchant was compromised

      • Trainguyrom@reddthat.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 month ago

        My thinking was in terms of a malicious website, if it does a fake redirect to a fake bank webpage it will then be able to harvest your bank login as well, which is worse than a credit/debit card being harvested