With a debit card you’re playing with your own money.
(I'm pathologically avoidant of credit cards, which I think are mostly pointless.)
No part of my life has been harder for not having revolving credit. I had a family, with two kids, starting in my very early 20s; I have lived on ramen wages several times since then; I've bought houses, rented cars, all that stuff. There's really been no point I can think of where I felt like having a revolving credit card would have made any of it more manageable.
I'd get points and stuff (I have a card now, it has a fuckload of points on it) but that's just an incentive to use the cards, not an intrinsic case for them.
I think most people would be much better off just using debit cards, and operating with the funds they actually have. And, again: it is in fact easy for me to say that today, but I believed the same thing when I was younger.
The crazy thing is coming to realize how little your credit score matters if you decide not to play this game. People say it will impact your ability to get a mortgage or a lease, but: not my experience!
Totally agree, but - and this is another example where the rich(er) benefit - if you actually have the money and good financial discipline you're better to put everything on your CC and pay it off in full monthly. Let the merchants finance for free for 3 weeks, plus maybe get perks like purchase protection and extended warranty.
Again maybe I’m wrong but I don’t agree they are equivalent. It sure fucking feels that way, the money isn’t threatened from my account.
Under the law, credit card issuers actually have more time to deliberate before making you whole, not less.
It is nice that you know what the law is but that isn't the same as the law being followed. Also the bank was PNC, not the biggest guy ever but not a small player either.
In practice credit cards just have way better fraud protections.
Plus - like it or not - our society builds your credit based on your use of a credit card. And if you pay your balance in full every month I'm not sure why anyone would prefer paying up front (debit) vs. free financing.
Credit card system was already around for decades before though
The signature scheme I implemented was thoroughly tested. Implemented from reading the Lamport and Merkel academic papers and under 1000 lines of code in total so pretty easy to audit... Nobody found an issue with it in 5 years.
> The data they took with the attempt of purchase is the card is still usable (not cancelled)
The payment flows should not distinguish between a nonexistent card, a cancelled card, and a valid card that needs 3D Secure. I bet the banks could even implement that without any cooperation on the part of the merchants.
1) https://stripe.com/newsroom/news/card-testing-surge
2) https://stripe.com/blog/the-ml-flywheel-how-we-continually-i...
3) https://docs.stripe.com/disputes/monitoring-programs#enumera...
Enumerating CVC2 with a single PAN is a different story.
If it was leaked somewhere else, i think they wouldn't bother logging in some unrelated account of mine in an ecommerce website.
Blog post from Stripe:
https://stripe.com/resources/more/what-is-a-card-account-upd...
>I got the money back via chargeback in short time.
So as evidenced, you are protected by the fraud infrastructure. The bank ate the loss for the fraud and you were made whole. In the end, the banking system cares about fraud loss. And they are exceptionally good at finding the fraud. Making changes to the card payment system is extremely difficult, due to the vast scale of the systems, so without a very good justification that a particular change will move the needle on fraud rates, the banks will opt to not make the changes.
My experience with ebay (stolen credit card) in particular was that things were going well until e-bay sent their stack of paperwork to my bank. Then my chargeback was reversed and shortly after that even my bank account was closed.
So you're not in the clear once you get your chargeback back. That is done initially while they give the other party time to respond. I think it took 30 days or so for ebay to bury me in paperwork, get the chargeback unwound again, and their schpeel was so effective that my bank themselves then accused me of being the fraudster.
As for
> The bank ate the loss for the fraud
I'm not 100% that's true. The entire reason why the chargebackee wants to contest it is because either the chargebackee or the chargebacker is eating the loss. The bank isn't eating that loss. There is no way E-bay would have bothered contesting my chargeback and paying their white collar workers for professional time researching if the bank was just going to eat it.
_If_ you notice the fraudulent charge.
All consumers collectively pay for all the fraud, it’s just that we don’t tend to realize it as it’s not a specific line item on any of our bills, instead we all pay just a little more than we should for everything we buy.
Robinhood absolutely nails this. Best virtual credit card system I have ever used. So seamless. Can auth a card for one time use, 24 hours, or indefinite until you cancel. Such a great UI / UX
So an enormously good anti-fraud mechanism is severely handicapped.
It’s really frustrating for most of the rest of the world.
I don’t get it, do US citizens prefer being defrauded over what is perceived as a slight inconvenience?
Even for non-victims of fraud, they still pay for the fraud as all merchants up the prices of their goods to cover fraud costs/insurance.
Do you think we are requesting to have less secure payment methods or something?
No, we don't "prefer to get defrauded", but things like this are a matter of negotiation between the card issuers and the merchants.
Not necessarily, the EU has mandated strong customer authentication by law (PSD2), and as a result has practically universal 3DSecure support.
I guess the real question here is how are they able to steal from you? Were they purchasing gift cards from a merchant with lax security?
It’s one thing to guess a number it’s another thing to get the money out of the system
sixtyj•1h ago
I know that I am naïve :)
Back to the article: Weak point was a password that lead to another merchant not using 3D secure.
It seems from the article that bad actors have fully automated system, so (big) merchants should have handle automatic login attempts from the same ip address with different accounts. I see it from our wordfence logs that ip rotation is not so quick so it could be handled with some permanent ip blocking.
kodbraker•59m ago
>Weak point was a password that lead to another merchant not using 3D secure
Well leaking a password shouldn't cause leaking a whole ass credit card data imo. The same data is printed on physical receipts the markets print, sometimes 4 digits, sometimes 10 digits. It's still possible to brute force from unattended physical receipts on the market.
mrbluecoat•41m ago
kadoban•34m ago
stavros•33m ago
Foofoobar12345•32m ago
psychoslave•23m ago