• @Deftdrummer
    link
    English
    -4
    edit-2
    1 year ago

    This fucking pisses me off. No wonder my credit card details were stolen last month. I only ever use NFC.

    That’s their one shot. No more mobile payments for me. Deactivated now.

    • @efstajas
      link
      English
      81 year ago

      Did you read the article? Unless someone had physical access to your (unlocked) phone and was able to pin an app, then tap it against specialized hardware (unlikely you could get a normal card terminal to run this exploit), it’s extremely unlikely that this is how your details got stolen.

      • @Deftdrummer
        link
        English
        01 year ago

        Skimmers aren’t a thing? Especially with near field? You’re wrong. I ONLY use my phone and NFC to pay for things and that’s how the data was stolen as verified from my credit card company and Google. But hey you know best right?

        It was specifically stolen from Google Pay and contactless payments.

        • @efstajas
          link
          English
          1
          edit-2
          1 year ago

          Skimmers are not a thing for Google Wallet / Apple Pay, no. Both these services use tokenization for transactions, meaning that even with your phone unlocked, no-one could grab anything via NFC that would allow triggering a transaction later, let alone clone your card. Even in this specific scenario described in the article (which requires your phone to be in the hands of the exploiter), the CVV of the card wasn’t exposed, so no-one can actually trigger a payment with this info except if they also have your physical card to read the CVV.

          Google Wallet / Apple Pay are a million times safer than using your physical card, because the most common skimming attacks either just grab the magnet strip info if available or literally just read the info off the card optically including CVV, which allows for online transactions. None of these things are a concern with Google Wallet / Apple Pay.

          But hey you know best right?

          I worked as a TPM in financial services for almost 5 years, so yeah I think I’d know.

          It was specifically stolen from Google Pay and contactless payments.

          It wasn’t.