Macy’s breach is a game-changing Magecart attack

Discussion in 'malware problems & news' started by ronjor, Dec 20, 2019.

  1. itman

    itman, Registered Member (Joined: Jun 22, 2010; Posts: 8,593; Location: U.S.A.)
    Except for the charge back issue you keep ignoring.
     
  2. Rasheed187

    Rasheed187, Registered Member (Joined: Jul 10, 2004; Posts: 17,559; Location: The Netherlands)
    You're kidding me right? No I'm not ignoring it. Like I said, the charge back issue is not a technical related problem! If Visa and Mastercard adopted such a system, they could simply say: "same rules apply as always", and boom the problem is gone.

    The "no charge back" problem is indeed a disadvantage, but this is related to debit cards vs credit cards, not to the system behind iDEAL! I seriously don't know how to explain it any better. And like I said, just make sure you shop at reputable and well known online shops and you won't have any problems.

    However, on mobile phones, banks have created a new problem because you can now only pay with PIN code. People sometimes get tricked to fake mobile websites pretending to be their bank, where they enter their PIN code, and crooks can then plunder their account. This is all because there is no true 2FA with most banking apps. That's what you get trying to eliminate so-called hassle. So iDEAL is always safer on desktops and laptops, because of hardware tokens.
     
  3. itman

    Also the iDEAL system is not as "bulletproof" as you think:
    https://breakdev.org/evilginx-2-next-generation-of-phishing-2fa-tokens/
     
  4. itman

    Also @Rasheed187 it appears you haven't been following APT20's antics of late. And we are talking about bypassing industrial grade 2FA hardware devices here:
    https://linustechtips.com/main/topic/1138176-chinese-hacker-group-bypass-2fa/
     
    Last edited: Dec 29, 2019
  5. itman

    Since this thread is about card swiping malware, there is an interesting thread over at malwaretips.com where one actually found a web site with card swiping malware on it: https://malwaretips.com/threads/a-site-only-detected-by-kaspersky-and-netcraft.96949/

    It was originally thought that only Kaspersky and Netcraft detected the card swiping malware since then and presently, these are the only two to detect at VT. Further testing showed that other security software did detect the malware. Turns out the site is infected with a JavaScript that redirects to a web site doing the actual card swiping activities. If you use a good ad blocker like uBlock Origin, etc. in your browser, that card swiping URL is auto detected and blocked prior to the site web page being rendered. If you're using a major AV w/SSL/TLS protocol scanning, you're also most likely covered.
     
    Last edited: Jan 4, 2020
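
Added example, not part of the thread or any poster's code: the post above describes a skimmer that arrives as a script pulled from a second site, which is also something a site owner can audit for on their own checkout page. The sketch lists every `<script src>` on a page, flags hosts outside an allowlist, and flags allowlisted third-party hosts loaded without Subresource Integrity. The page URL, hostnames and sample HTML are constructed for illustration.

```javascript
// Audit the external scripts a checkout page loads.
// All hostnames and the HTML below are constructed sample data.
const PAGE_URL = "https://shop.example/checkout";
const ALLOWED_HOSTS = new Set([
  "shop.example", "cdn.shop.example", "js.payments.example",
]);

const SAMPLE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<script src="https://js.payments.example/v3.js" integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script src="https://cdn.shop.example/vendor.js"></script>
<script src="//stats-collector.example/a.js"></script>
<script>window.cart = {};</script>
</head></html>`;

function auditScripts(html, pageUrl, allowedHosts) {
  const pageHost = new URL(pageUrl).hostname;
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi; // opening tags only
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = m[1];
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (!src) continue; // inline script: nothing fetched from another host
    let url;
    try {
      url = new URL(src[1], pageUrl); // resolves relative and //host forms
    } catch {
      findings.push({ src: src[1], host: null, verdict: "unparseable" });
      continue;
    }
    const host = url.hostname.toLowerCase();
    const hasSri = /\bintegrity\s*=\s*["'][^"']+["']/i.test(attrs);
    let verdict = "ok";
    if (!allowedHosts.has(host)) verdict = "unknown-host";
    else if (host !== pageHost && !hasSri) verdict = "allowed-no-sri";
    findings.push({ src: url.href, host, verdict });
  }
  return findings;
}

// Everything that needs a human look.
const flagged = (findings) => findings.filter((f) => f.verdict !== "ok");

const report = auditScripts(SAMPLE_HTML, PAGE_URL, ALLOWED_HOSTS);
for (const f of flagged(report)) console.log(`${f.verdict}\t${f.src}`);
```

A regex scan only sees scripts present in the static HTML; scripts injected at runtime need a browser-side control such as a Content-Security-Policy `script-src` allowlist.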
  6. Rasheed187

    I can see you're really passionate about NOT trying to solve the website skimming problem. :rolleyes:

    Look, there is nothing special about a system like iDEAL or PayPal. But what they do solve is the skimming problem. Apparently, hackers can still abuse credit card information that's filled in online by consumers. Isn't it ridiculous that after 20 years this still is a problem? And nobody is saying that 2FA is unhackable, but I think we can all agree that a system with 2FA is better than a system without one.
     
  7. itman

    Read the malwaretips.com link I posted. AV vendors are well aware of the card skimming issue.
     
  8. Rasheed187

    That's the thing, you wouldn't even have this problem if you simply switched to another payment system, so no need for extra security systems. Let's face it, it's a pretty dumb problem that should have been fixed years ago. In my view, you should only be able to make online payments if you physically own the card. No matter if you buy stuff via desktop, laptop, tablet or smartphone. Perhaps smartphones can also act as a card reader in the future via RFID for example.
     
  9. itman

    I really don't care since both my bank issued credit and debit cards have zero liability. However, I still would never ever use my debit card for a web based on-line purchase since it doesn't have the charge back capability a credit card has.
     
  10. Rasheed187

    Yes, that's clear by now that you don't care. But you not caring is basically off topic. It's not about you, it's about trying to solve the problem of web-skimming, a thing that can be easily done. Of course with my approach, a little bit of extra hassle is involved, but it's a small price to pay in my view.
     