• The Soca Vault @lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    arrow-down
    5
    ·
    5 months ago

    I never use these apps, I just don’t trust them at all. In a world of cyber security worries, we put all of our financial info on an app and a phone and expect everything to be safe. I’m just old school. Safety over convenience… as I am In an uber. Lol

    • 9point6@lemmy.world
      link
      fedilink
      English
      arrow-up
      27
      arrow-down
      1
      ·
      5 months ago

      Phone payments are magnitudes more secure than card payments as they basically are equivalent to using a brand new card and throwing it away for each transaction (in simplified terms)

        • Zagorath
          link
          fedilink
          English
          arrow-up
          12
          ·
          5 months ago

          It’s still safer. They can steal your wallet and pay for anything trivially. If they steal your phone, they have to be able to unlock it to pay with it.

          • lemmyvore@feddit.nl
            link
            fedilink
            English
            arrow-up
            1
            ·
            5 months ago

            Anything up to a certain amount. All the banks here have configurable limits for contactless payments (both in number of payments per day and in total amount). If you go over the limit they ask you to confirm in a way that requires the phone anyway. You can also block the cards remotely.

            I’d say it’s a decent mix of convenience and security, even if you use cards.

            And sometimes you have to resort to using cards because some banks have been migrating from using the NFC directly to using Google Pay and I for one don’t relish giving Google insight into my shopping.

            • littlewonder@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              5 months ago

              You usually have to opt-in to NFC payments without an unlock or confirmation. Actually, I’ve never heard of that as a default setting.

            • Zagorath
              link
              fedilink
              English
              arrow-up
              1
              ·
              5 months ago

              If you go over the limit they ask you to confirm in a way that requires the phone anyway

              Oh interesting. Where I am if you go over the limit (usually $100), you just have to input your PIN. But $100 is enough to get up to some serious trouble, considering it’s a per-purchase limit.

              And I’ve both never heard of banks using the NFC directly (as opposed to using Google, Apple, Garmin etc. Pay), and wouldn’t trust them in the slightest with it even if they did offer it, because they’re not exactly known for great security. (And I’ll take security over privacy any day.)

              • lemmyvore@feddit.nl
                link
                fedilink
                English
                arrow-up
                1
                ·
                5 months ago

                They ask for PIN too but that’s a different limit ($20 by default but also configurable). The limits I mentioned block payments for the day if not confirmed.

                never heard of banks using the NFC directly

                Really? I’ve never heard of Garmin Pay. 😄 But that’s the whole point of the NFC chip being open on Android, so apps can use it directly. On iPhone it’s an artificial limitation imposed by Apple so they can take their cut from payments and have a processor monopoly. On Android any app can just do it — not only banking apps and not only payments, the NFC can be used for lots of things like opening doors etc. There are apps like meal tickets that can issue payments, gym apps and so on. Giving that up and going with Google is extremely narrow sighted.

                • Zagorath
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  5 months ago

                  Oh yeah I know it’s theoretically possible. I’ve just never heard of it actually being done, for payments specifically, by banks. Using Google Pay doesn’t restrict you from also using any of those other use cases: you’re not giving anything up in terms of flexibility of functionality.

                  Yeah Garmin Pay is the equivalent on Garmin smartwatches. Unfortunately it’s not as widely supported by banks (at least where I live) as Google and Apple Pay are.

        • linearchaos@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          ·
          5 months ago

          You still need biometrics, passwords, pins.

          I get the nerves, but I can’t find any reasonable way it’s less secure

      • lemmyvore@feddit.nl
        link
        fedilink
        English
        arrow-up
        2
        ·
        5 months ago

        That’s what the chip on the card does too. It’s an embedded computer that generates one time codes just like the phone.

        The main difference is that the phone typically has an extra security measure, like requiring the screen to be on to pay (but you can get a mesh wallet which prevents tap from working); or the phone needs to be unlocked, which is actually useful.

    • littlewonder@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      5 months ago

      You should look up info about phone payments and temp card numbers in order to reduce some of your fears. Also, check out what is actually stored in epay apps when there’s a connection through a provider, like a bank integration or an integration to another epay partner.

      PCI security is about as high as you’d expect from companies that tell consumers they won’t lose their own money to fraud. When it’s the bank’s money, you’d better believe they care.

      There are far easier ways to get someone’s money and this ain’t it.