I’m looking for some recommendations for digital debit/credit cards.
It feels like every other day there’s ‘the largest data breach in history’ and at this point, I really don’t trust any entity to safely and securely store PII.
That said, I like buying things on the internet, I’m not into crypto and would rather not include my real card information during checkout.
Any recs would be appreciated, thanks y’all!
Even with NFC exploits, tokenized is the way to go. Tokenized payments only send a unique token to the PoS. The PoS system (and probably not the register itself but rather their systems) then takes that single-use token, combines it with their secrets that only they have, and passes it up to Google/Apple/whoever to actually initialize the transaction. Google Pay/Apple/Whoever then verify that they are the ones who issued the token, and that it is signed correctly with the secrets that are shared. So not only would someone have to snoop the NFC token that was transmitted, but also have hacked into the PoS system and retrieved the secrets, which is no small feat - and even then, since the token is one time only, they’ve only accessed that specific purchase. They still know nothing about you or your banking information. The token expires and can never be used again.
Tokenized pay via Google/Apple/Samsung/Whoever pay is the most secure form of ad hoc payment at the moment. Tap is safer than swipe or chip, but since there’s no communication to get a one-time token, it requires a slightly different approach. TL;DR there: if you’re that worried about it, just add your card to your phone/watch.
But then Google/Apple/Samsung can know it or all the transactions that you make.
I think from a privacy and security standpoint tap is the best in-store solution.
I agree with you on PayPal though. I trust them with my details 100% more than any random vendor online. Plus there’s a reduced surface area for attack since your details are only stored in a single, high security location.
It’s kind of pick your poison honestly, and there won’t be any open alternatives any time soon because it requires banks also trusting the open solution. I think it’s a tradeoff, if you want security you’re gonna have the big guys watching. If you want discretion, it’s going to come with risk.
But yes, I definitely trust PayPal/Google/Samsung to not have a financial data breach more than Joe’s Crab Shack just type in your credit card to our totally secure system. Plus if any of those big guys have a breach it’ll be in the news for weeks, it’d be easy to replace the card.