this post was submitted on 12 Jun 2024
84 points (98.8% liked)

Cybersecurity

7419 readers
7 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago
MODERATORS
 

Starting from 2030, Mastercard will no longer require Europeans to enter their card numbers manually when checking out online -- no matter what platform or device they're using. Mastercard will announce Tuesday in a fireside chat with CNBC that, by 2030, all cards it issues on its network in Europe will be tokenized. In other words, instead of the 16-digit card number we're all accustomed to using for transactions, this will be replaced with a randomly generated "token."

The firm says it's been working with banks, fintechs, merchants and other partners to phase out manual card entry for e-commerce by 2030 in Europe, in favor of a one-click button across all online platforms. This will ensure that consumers' cards are secure against fraud attempts, Mastercard says. Users won't have to keep entering passwords every time they try to make a payment, as Mastercard is introducing passkeys that replace passwords.

all 26 comments
sorted by: hot top controversial new old
[–] Whirling_Cloudburst@lemmy.world 56 points 1 year ago (2 children)

Consumers will be able to make one-click payments at the checkout page using biometric authentication with a thumbprint

That's a nope from me, dog.

[–] mindbleach@sh.itjust.works 7 points 1 year ago

My PC doesn't even have a microphone.

[–] greyfox@lemmy.world 4 points 11 months ago

This is likely something like a FIDO token/passwordless setup of some sort (i.e. Windows Hello).

The thumbprint would just unlock the hardware device, so the thumbprint itself wouldn't need to be transmitted to your credit issuer. This gives you full two factor authentication of your identity because you need the hardware device (something you have) and your biometric (something you are). They also often allow pins (something you know) instead of biometrics as the second factor.

[–] terraborra@lemmy.nz 43 points 1 year ago (3 children)

Yeah, I’m not giving them biometrics. There had better be an alternative option.

[–] uhN0id@programming.dev 17 points 1 year ago

The first thing I thought was "what's the alternative?" If I don't do biometrics on my phone then why would I do it for my credit card? I'm American so I don't have to worry about this yet but it's probably an indicator of what's coming here.

[–] normalexit@lemmy.world 2 points 1 year ago

It'd be cool if they had a yubikey integration or some other hardware based solution where you must physically present it.

[–] oktoberpaard@feddit.nl 1 points 11 months ago

I might be wrong, but I think they will probably let the OS handle the biometrics offline, which means that they won’t have access to your biometrics, they just work with cryptographic keys. Otherwise it doesn’t make sense, as apps usually don’t have direct access to the fingerprint reader. It will probably be similar to how a passkey works.

[–] MajorHavoc@programming.dev 7 points 1 year ago* (last edited 11 months ago) (1 children)

Sure. Because "working with banks, fintechs, merchants" was a swift friendly collaboration when moving to chip and PIN...

(/sarcasm ... Because it was not.)

I'm pressing X to 'doubt' on this one.

Edit: I'm American. It's a good point that Europe has historically done a much better job with payment security.

[–] EinfachUnersetzlich@lemm.ee 10 points 1 year ago (1 children)

In Europe it was relatively smooth though, in my experience. I worked in a shop when it was rolled out. I'm guessing you're American?

[–] MajorHavoc@programming.dev 2 points 1 year ago (1 children)
[–] Hugh_Jeggs@lemm.ee 10 points 1 year ago (1 children)

Your banking systems are two decades behind everyone else. Please rejoin this thread in 2044 thanks 😂

[–] MajorHavoc@programming.dev 2 points 1 year ago

Ouch. But very fair.

[–] twinnie@feddit.uk 6 points 1 year ago

I’m always down for stuff like this but it doesn’t sound much different from having to approve the payment in the app or using one of those single-use cards. I’ll wait and see how the passkey works.

[–] umbrella@lemmy.ml 5 points 1 year ago* (last edited 1 year ago)

no more custom roms if you want to actually pay for stuff. awesome.

[–] lud@lemm.ee 5 points 1 year ago* (last edited 1 year ago)

Interesting but I just memorized my card numbers. It's incredibly convenient and I recommend everyone to do it.

This might improve security though, because instead of using the same numbers everywhere you use different tokens everywhere.

It would be cool if computers could use their smart card readers (Chip and NFC) to pay stuff online.

[–] njm1314@lemmy.world 4 points 1 year ago

Oh fuck that so much

[–] IphtashuFitz@lemmy.world 2 points 1 year ago

If NFC was ubiquitous across all devices I could see something like this working relatively easily. But given the matrix of devices, operating systems, web browsers, apps, etc. I don’t see this as an easy task at all…

[–] Godort@lemm.ee -5 points 1 year ago (1 children)

This feels like a really good idea. I hope we get this in Canada too