Collaborate Disseminate
I was watching a youtube video about a crime in which the criminal forced a girl to give him the bank card pin so he can withdraw the money, but the girl gave him the wrong pin, so later the criminal killed her.
I notice a comment below th… Continue reading Bank card double PIN mechanism to help victims of in some crimes [closed]
ESET researchers uncovered NGate malware, which can relay data from victims’ payment cards via a malicious app installed on their Android devices to the attacker’s rooted Android phone. Attack overview (Source: ESET) Unauthorized ATM withdrawals The ca… Continue reading Android malware uses NFC to steal money at ATMs
For three of the past four months, I’ve had to call customer service regarding my credit card, which is issued by a major U.S. bank. I am suspicious that some of these calls were highjacked.
How can I determine whether there’s actually s… Continue reading Are some of my calls to my bank being intercepted?
Fraudsters can add stolen payment cards to digital wallet apps and continue making online purchases even after victims’ report the card stolen and the bank blocks it, computer engineers with University of Massachusetts Amherst and Pennsylvania St… Continue reading Stolen, locked payment cards can be used with digital wallet apps
I’ve been researching UK Open Banking and getting to know the in and outs of the FAPI advanced security profile.
My question is based on the following premises (and I think I’m probably either misunderstanding something or missing a key fa… Continue reading Open Banking: How can a TPP integrate their mobile app with a bank’s APIs without breaking the security profile
A bank sent me a link to access a site to securely sign documents. The sender was do-not-reply@esign.TheBank.com. The person helping me then sent the passcode from email address HerName@TheBank.com. According to here and here, the domai… Continue reading Send password for secure link from different address with almost same domain?
There is a general national login ID system used in the Nordics called BankID.
Very often a user will go to a website that employs the BankID login and click "login with QR". Having done so a QR code is displayed on the screen, a… Continue reading BankID and QR codes attacked by man-in-the-middle?
At my old bank, logging in via a browser required that I open their app on my phone and tap a button to authenticate my login.
My new bank is very similar but instead of a single button to click, I have to choose, in the app, from a number… Continue reading Why is selecting a code in banking app necessary for MFA? [duplicate]
This post is related to this post on Android users stack exchange relating to conceiving of a variety of household situations and files and a post related to what immutable storage is which was deleted from this site and deleted (immutable… Continue reading Modern security implementation: operation token sent to the bank by secure server
Is PSD2’s Strong Customer Authentication requirement possible to satisfy with secure 2FA solutions, such as TOTP and WebAuthn?
For the purposes of this question, I’m classifying all systems where an OTP has to be transmitted as "insec… Continue reading Is 3DS compatible with secure 2FA technologies? (TOTP, WebAuthn)