Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Here in the Netherlands we have 2 factor authentication on all bank payments and most credit-card payments. The two-factor here works with a token-generating device in which you have insert your card and PIN. The only exceptions are unsafe US payment portals that don't support the two-factor triggers properly, but that is just for CCs.

I lived in the US for 6 months and was surprised to find that my American collegues found it less safe to use a bank card (with PIN) than a CC. Their arguments were that 'if someone gets your card AND PIN, they can do anything' as opposed to someone stealing JUST your CC and then he can do anything... Yes seems much safer.



All of my US credit cards have a verification number that is required as well as the CC number for any online transaction. It's not that much different from a PIN.

We also have zero liability for unauthorized CC charges. So even if someone were to do that, the bank would be on the hook, not the user. Banks rely on a lot of computer analysis to determine whether a charge should be allowed.

It's much more of a pain to get money back into your bank account after it's been withdrawn. So although it's technically true that a bank card with PIN is more secure, to the end user, it's not any better.


>All of my US credit cards have a verification number that is required as well as the CC number for any online transaction. It's not that much different from a PIN.

Not at all the token system the parent describes.


This depends on the bank. Ex-PostBank ING clients get a TAN via SMS for every transaction (or a paper list of TANs if you really want it). Recently, they added that when you log in from a different machine/location than usual, you get a similar code via SMS (or from a different but similar paper list, I guess), called a PAC.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: