• conciselyverbose@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    32
    ·
    3 months ago

    I mean, this is “malware” in the obvious sense.

    But it’s not compromising anything Android is doing. (Though it’s worth noting that things like this are why Apple restricts NFC).

    It’s just phishing at the end of the day. Something you should make users aware of, but not a security flaw of the device.

  • randoot@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    ·
    2 months ago

    So they need to keep the victim’s card next to one phone, and then they can use another internet connected phone elsewhere to make a purchase. Doesn’t sound that scary to me. If they already have my card then does it matter how far away they can make a purchase?

        • sawdustprophet@midwest.social
          link
          fedilink
          English
          arrow-up
          7
          ·
          2 months ago

          You don’t actually give the card to the employees, do you?

          Typically when I go through a drive thru, I hand my card to someone who then leans back inside to swipe/tap/whatever it, then they hand it back. So yes, commonly I do give my card to an employee for at least a few seconds.

          During 2020-2022 more of them were in the habit of placing the PIN pad at the window so it could be reached by customers from their cars, but it wasn’t designed to be used that way and I’m sure it caused other issues.

          • Ghoelian@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            7
            ·
            2 months ago

            Over here they just put the pin terminal on a stick and shove it in to your car, it was already that way even before covid. Don’t think I’ve ever just handed my card to someone.

            • JasonDJ
              link
              fedilink
              English
              arrow-up
              3
              ·
              edit-2
              2 months ago

              Y’all also use PINs. Americans freak out if they have to enter a PIN.

              Here it’s only used for debit transactions (that is, taken directly out of a checking account). PIN for credit transactions is incredibly rare here.

              This is probably because the merchants are responsible for fraudulent credit purchases. Credit companies kinda have them over a barrel in that regard…they have no incentive to enforce PINs, and users just want convenience.

              Meanwhile Sally the Walmart clerk gets written up because some knucklehead in her lane swiped a cloned card. She has no power here either…card readers rarely ask for signature anymore (not like they are trained signature analysts, a pseudoscience in itself) and I can’t remember the last time I was asked for ID for a credit purchase (aside from booze, smokes, or Sudafed, but that’s a different reason)

              • QuizzaciousOtter@lemm.ee
                link
                fedilink
                English
                arrow-up
                1
                ·
                2 months ago

                It’s funny because where I live there were even warnings to never give your card to the cashier back when they weren’t so popular. It was precisely because of some rare cases of cashiers managing to clone or charge the card during that moment. I, and most people I know, wouldn’t just hand in their card if asked. It just doesn’t happen here.

        • jayandp@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 months ago

          In the US at least it’s still fairly common for the card to be taken by the employee of the Drive-Thru/Restaurant to be run through their POS.