logoalt Hacker News

ChocolateGodlast Monday at 8:42 AM3 repliesview on HN

> We should be fighting against SafetyNet and similar attestation systems. The proper solution is one we had with desktop computing for decades. If you keep the key material on your eID or bank card

So you want a bank card/ID card to be required each time you use Google Pay? What's the point of Google Pay then.


Replies

inigyoulast Monday at 1:22 PM

Actually I have a better idea. What if, instead of holding my phone up to the payment terminal, the bank could give me a plastic card with an antenna and chip, that I could hold up to the payment terminal. The chip could be powered by induction from the terminal.

Maybe I could even duct-tape it to my phone if I really want to do that.

kuschkulast Monday at 10:26 AM

Once upon a time(tm), Google had a great solution for that: You could get a credit card in nano SIM format, and insert into in your dual-SIM phone.

That then allows you to do secure NFC credit card payments even on a rooted phone with custom ROM.

show 3 replies
AnthonyMouselast Monday at 7:39 PM

The obvious way to do this is that you need to physically attach the bank card in order to authorize a new vendor. So then when you sign up for Google Pay or Paypal or what have you, you need to get out your card -- which is good. You can't steal a physical card by breaching some other merchant it was used at.

From then your Google Pay account is authorized to initiate charges until you tell your bank otherwise and you don't need the card again unless you want to sign up for Venmo etc.

And it makes things easy if someone steals your phone, because you just sign into the payment processor and deauthorize the device or, if they've already changed your password etc., sign into (or go to) the bank and deauthorize the payment processor.