• This is fine🔥🐶☕🔥@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    2 months ago

    We have a variation of this system here (India)

    During checkout you can select netbanking as payment method. It asks you to select your bank and after you select it and click next/pay, it redirects you that bank’s login. You login, provide OTP, and it redirects back to the website you were shopping at, usually to orders page.

    • Trainguyrom@reddthat.com
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      2 months ago

      Sounds like a good opportunity to redirect to a fake version of the bank’s website.

      Honestly I think the best solution is a revokable token from your bank that you can give to a merchant. One token per merchant, make it easy to revoke as the user sees fit. If you see a charge on the token from one merchant by someone else it’s immediately obvious that token and possibly that merchant was compromised

        • Trainguyrom@reddthat.com
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 months ago

          My thinking was in terms of a malicious website, if it does a fake redirect to a fake bank webpage it will then be able to harvest your bank login as well, which is worse than a credit/debit card being harvested