- cross-posted to:
- cybersecurity
- cross-posted to:
- cybersecurity
I mean, this is “malware” in the obvious sense.
But it’s not compromising anything Android is doing. (Though it’s worth noting that things like this are why Apple restricts NFC).
It’s just phishing at the end of the day. Something you should make users aware of, but not a security flaw of the device.
So they need to keep the victim’s card next to one phone, and then they can use another internet connected phone elsewhere to make a purchase. Doesn’t sound that scary to me. If they already have my card then does it matter how far away they can make a purchase?
This could be bad in the sense that anyone working a drive through could spend a day doing it.
How? You don’t actually give the card to the employees, do you?
You don’t actually give the card to the employees, do you?
Typically when I go through a drive thru, I hand my card to someone who then leans back inside to swipe/tap/whatever it, then they hand it back. So yes, commonly I do give my card to an employee for at least a few seconds.
During 2020-2022 more of them were in the habit of placing the PIN pad at the window so it could be reached by customers from their cars, but it wasn’t designed to be used that way and I’m sure it caused other issues.
Over here they just put the pin terminal on a stick and shove it in to your car, it was already that way even before covid. Don’t think I’ve ever just handed my card to someone.
Y’all also use PINs. Americans freak out if they have to enter a PIN.
Here it’s only used for debit transactions (that is, taken directly out of a checking account). PIN for credit transactions is incredibly rare here.
This is probably because the merchants are responsible for fraudulent credit purchases. Credit companies kinda have them over a barrel in that regard…they have no incentive to enforce PINs, and users just want convenience.
Meanwhile Sally the Walmart clerk gets written up because some knucklehead in her lane swiped a cloned card. She has no power here either…card readers rarely ask for signature anymore (not like they are trained signature analysts, a pseudoscience in itself) and I can’t remember the last time I was asked for ID for a credit purchase (aside from booze, smokes, or Sudafed, but that’s a different reason)
yeah not sure if its a us thing or a midwest thing but you hand your card to the person who swipes/taps it.
It is a US thing, and it’s a thing European tourists are weirded out over.
would love if it was not. dont see hwy it cant just be accesible at the window.
It’s funny because where I live there were even warnings to never give your card to the cashier back when they weren’t so popular. It was precisely because of some rare cases of cashiers managing to clone or charge the card during that moment. I, and most people I know, wouldn’t just hand in their card if asked. It just doesn’t happen here.
In the US at least it’s still fairly common for the card to be taken by the employee of the Drive-Thru/Restaurant to be run through their POS.