Hacker News new | past | comments | ask | show | jobs | submit login

And yet, they refuse to make their protocol secure on any way that isn't mandated.



What do you mean? You mean whether to require using the physical chip on the card?


They dragged their feet to add a cryptographic chip, dragged it to make the readers accept the chips, dragged their feet again for deprecating the non-chip transactions.

Meanwhile, online purchases are still done by sending a number and trusting the person that received it. They keep dragging their feet to make any side channel verification or cryptographic validation.

But well, they dragged their feet for so long that most of the world already made some competitor with those features. I hope they go on and fail as soon as possible, they do deserve it.


It's tricky, because they decided to leave this up to the banks/merchants (along with the associated liability) rather than force it.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: