>>108962343
>> enter the card number
>> enter the expiry
>> enter the cvv
This is security, it's just bad.

>>108962343
One question.
Are you American?

>>108962363
no I am from india

In western Europe there usually is 2fa with online MasterCard payments. But when you buy something on an american website there suddenly is none and you can easily spend over a grand with only the details on the card. This makes no sense. Security is apparently region specific, but only on the receiving side? Seems like a major security flaw.

You can configure your account transactions. underageb&

you sound indian and underage

>>108962395
>But when you buy something on an american website there suddenly is none and you can easily spend over a grand with only the details on the card.
Or all your transactions gets denied because the extreme security requirements tied to the card isn't compatible.

File: scare.jpg (48 KB, 651x386)

48 KB JPG

>>108962359
>give CC to waiter in restaurant
>they take it to the back

File: 1755496841409589.gif (1023 KB, 500x361)

1023 KB GIF

>>108962343
Afaik it depends on the amount spent and maybe on the bank you're using. I'm pretty sure higher amounts make you confirm using your banking app (not sure what the minimum sum is though). At least that's how it worked back when I was deep into my gambling addiction.

>>108962343
Isn't that a bank problem? he probably opt out of 2FA or something

>>108962343
Credit card companies have decided it's better to make it easy for you to spend money rather than making it secure. Who cares anyway, you just call up the bank and say I didn't purchase that and they will revert the charge

>>108962817
What year are you living in?

>>108962863
This, not my money. Not my problem.

>>108962880
2008

Let me guess, you want to make it a horrible experience with shitty apps that require remote attestation.

>>108962343
It's a fucking credit card, you moron.

>>108962343
>go to his house
>in new location
OP you have brain damage. Seek help.

>>108962343
just don't shady or illegal shit and you have nothing to worry about.

>>108962343
They have a 2FA solution it's opt in. Besides it's a credit card not your money. You aren't liable for shit.

>>108962952
And when I say opt in the merchant has to opt in.

>>108962817
What kind of poorfag restaurants are you going to?
>bill arrives during desert
>put my card on table
>wagie understands gets the card reader
Wow that was hard.

>>108962343
I had a mastercard debit card and my account got drained of $15,000 in the space of a day, dozens of orders ranging from $30 to thousands, all made from countries I have never used the card in using different names which are not my own. During that time a handful of them got rejected for being suspicious but they kept allowing more money to go out on different orders after that. Once the account was drained they kept trying to make more orders which were declining, trying lower prices until they got some through. I absolutely can not believe how bad their security must be for that to be allowed. I am quite paranoid and security conscious about my card number, I never 'allow' any site to save it on any account. Obviously some do it anyway. Bank said it would be some site had saved the details and got hacked, nothing you can do about it other than never buy anything online.

During the process of dealing with the bank to get the money back they kept assuring me there are safeguards to stop suspicious transactions. I said, what specifically? How could tens of thousands of dollars being spent in a day from all over the world with multiple rejected transactions not be deemed suspicious? Please give me an example of a transaction which might be suspicious enough to be flagged if not these ones?

>>108962817
Europoor here. It's never been like this in restaurants. At least not in my lifetime. Before wireless payment terminals you walked to the registers and paid with chip and PIN. Now they just bring a wireless terminal and you use contactless payment or insert card and enter PIN.

Worthy of not though is that the vast majority of card payments here are debit card and not credit cards, because we don't like debtmaxxing.

>>108962965
>>108963005
lil neguinhos I'm in my 40's and this was typical in proper restaurants in Europe

>>108962972
>nothing you can do about it other than never buy anything online.
Or just don't use American style debit- and creditcards that allow unauthorized payments.

Over in Europe, most online payments happen through systems built on top of basic SEPA transfers and are authorized via e-banking, which uses whatever 2FA protections your bank puts on their banking environment. These are push model, not pull model. They literally cannot be processed without explicit validation/authorization and EU legislation requires strong 2FA verification.

retarded zoomer golem , thats due to how his bank still operates, used to be that it really was as easy as that, no pin token, no app acknowledgement or login requirement, not even an email or sms notification if you yourself had set it like that.

Yeah, I got a story, which proves how it apparently has more security than anyone can ever want, although that's actually stupid AML policies.

> be me, white non-american visit SF
> have MasterCards and Visas from four different countries in Europe, middle east and Asia
> decide I want a particular model and type of New Balance shoes only available in America
> Go to New Balance website, try to order
> blocked, blocked, blocked
> ask European friend with another card - blocked
> ask American friend with another card - blocked
> go to New Balance store, buy coupons on site
> finally go to New Balance site, enter coupon
> Doesn't work!!!
> panic, try again
> finally werks

whoever invented this AML shit should fucking kill themsleves

>replying to no X, no Y, just Z AIjeet post

>>108963767
Sort of, debit cards spend your money so it's a hassle to claw it back from the bank and your without that money until you can. With a credit card you just don't pay it

>>108962343
>go to his house
Yeah, now try it in Japan. The "global" mastercard will SMS you a code to your American mobile number, which you can't receive outside the US. Your transaction will fail, your card is locked, you cannot even reactivate it until you return to the US, so now your autopays tied to the card all fail and need to be moved to a different card too. But hey, no foreign transaction fees!

>>108962817
for a while stores took out a notepad, a pencil, and got a relief of your credit card, cvv included.
unthinkable nowadays.

>>108962343
>saar why not use passcode saaaaar

>>108964091
Actually happened to me on that same SF trip. So we went to a physical store and they had internet connection issues, so they've been writing down everyone's card details manually, with a fucking pen when people wanted to buy stuff. Wrote down my card's name wrong (so it wouldn't check out later) and it was like 250 bucks. I corrected them of course, but it was a fun fantasy. I'd have literally zero implications since I was leaving the country soon and they wouldn't be able to have my name, cos they made a mistake writing it down. But that was 2019, practically a different world.

>>108962880
That's how most restaurants beyond fast food still operate in the US. They're more than capable of upgrading to have QR codes or tap to pay systems at the tables themselves, but the ones that refuse are coddling waste of oxygen boomers who are scared of using anything other than cash or a check

>>108964180
>I corrected them of course
dumbo

>>108965134
Yeah, I try not to be petty and steal 250 bucks from some shop.

>>108962343
One time i accidenally entered the wrong cvv and the payment still went thru

>>108965787
some big online shops like amazon don't even want your cvv. it's trivial to brute-force anyway. amazon has other signals for preventing fraud.

>>108962343
> Isn't it like one of the top most payment processors globally?
no, mastercard is not a payment processor

>>108962343
Don't blame MasterCard for this. Blame the bank that the card is tied to. There are plenty of banks that have better second factors, or even make you go through additional hurdles. The problem is that some banks are dinosaurs and for them, using SMS as a second factor is "good enough" and when you tell them the problems with that they just don't care.

The providers that are acting as the glue between banks (like Visa and Mastercard) do support better options, but the banks may not. If it really bothers you, change banks. That's actually a huge part of the problem. People are more likely to get divorced than to ever change bank. So banks feel they can simply get away with shitty security. Another incentive for banks to never change is that companies have simply added extra layers on top. Like the transaction might be blocked on the card if it's a high amount and was bought at 1am local time, from Asia. My own bank does this type of thing. They have no real way of knowing it's fraudulent or not. You have to actually call them and get it unblocked.

In an ideal world would be have something like a ubikey as a second layer over email/sms, sure. But good look trying to convince banks they need to bother with this. They know: you won't leave and they are happy to let the providers in the middle try to patch over it.

File: 1743513418203078.gif (872 KB, 346x360)

872 KB GIF

OP someone who worked with IT financial transactions and now workes abroad in IT, you're retarded.

CC companies will allow cards to go through if the dollar amount is nominal to cancel or dispute for fraud purposes. It's one reason why people tell you to use CC's online vs debit.

Secondly and most important, you did it from his known location at home. If he's used the card there and near is home/close enough to the GeoIP the card will assume it's at home in a trusted area. If you hopped on a VPN and were doing shit out of Canada/Mexico it will trigger.

Lastly, you probably did a nominal purchase that was from a trusted seller with an item in line with what his purchase history is. If I am home and purchase a steam game/amazon/Papa Johns/etc it won't bother asking me for 2fa. All companies have a predictable purchase forcast based on what you normally get. Now when I am in SEA or Europe and I do some Uber Eats/Wolt/Grab, the first few times it might ask me to secure my account with a 2fa.


Go try to book a flight to Japan or buy something completely unusual like 200 dollars of funko pops off gamestop and mastercard will probably be like "let's confirm this is you"

>>108966166
>In an ideal world would be have something like a ubikey as a second layer over email/sms, sure.
wrong.
the optimal amount of fraud is non-zero:
https://www.bitsaboutmoney.com/archive/optimal-amount-of-fraud/
the ux of your secure system will suck. you already said so
>They have no real way of knowing it's fraudulent or not. You have to actually call them and get it unblocked.
don't ever block my legit payments.

>>108966351
what the fuck are CC companies? it' not a term of art.
even a layperson wouldn't call a frontend processor a CC company.

>>108962343
That's unorically good. Fuck sites trying to get me to do bazillion factor authentication for simple shit.

If someone has my physical card, with name, expiry and cvv: he is authorized by me, the cardholder to make purchases up to the credit card limit.

If someone has my username and password, he is authorized by me to log into my account and do whatever the account allows.

If someone has a key to my house, he is authorized by me to open the door and get in, make copies of the key and distribute it to whoever he wants, allowing anyone to go in until I change the lock.

>>108966387
Payment processors based on the credit that money will be given from the buyer to the seller. They make money off interest and card swipes.

One reason why CC's are easy to purge charges from that are fraudulent is because they have a ton of legal bullshit in there that the vendor has to follow. If they don't follow it, the CC company basically says they ain't paying. Most companies will swallow it because it's a drop in the bucket overall for business.

Basically OP doesn't understand his grandpa's home is basically doing purches on a conditional access based on locational trust.

>>108962343
>I entered all the payment details correctly and they processed the payment
>*shocked pikachu face*
Yes, this is in fact how things should work. If you're worried about some wanker spending all of your money then you mitigate that by not having all of your fucking money in one single account. Just leave a few hundred in your bank account and the rest in an interest gathering easy-access savings account. Simple as.

>>108962343
>space after greentext
>same as the shitter spamming sentx .ai all of yesterday
Reminder to report automated advertising spambots.

File: 1759589174728402.jpg (16 KB, 299x299)

16 KB JPG

>>108962817
>this has been happening to ultra-rich people in the 80s
it's like you've never been to a golf country club

Its up to the merchant to determine what fraud checks are used. In the USA most of the time the merchants require the billing postal code to match the AVS data on file, and for higher dollar amounts, requires the full billing address to match the AVS. If the merchant does not adequately screen for fraud, they will have a lot of chargebacks to deal with.
Yes USA restaurants still take your credit card to the back to process the payment, it's really silly. In Canada they bring the terminal to your table and you pay there.

>>108967549
>Yes USA restaurants still take your credit card to the back to process the payment, it's really silly. In Canada they bring the terminal to your table and you pay there.
Those wireless terminals aren't free to be fair. Most businesses that use them are eating a small cost each time they process a payment. It's why they prefer cash a lot of the time.

File: 1755682556139904.jpg (251 KB, 2560x1921)

251 KB JPG

>>108967563
I mean if they're processing a credit card at all, of course they're paying a fee. In the US I know those square things exist and run rampent in small businesses, and they charge their own fees, but in Canada, most businesses have very basic wireless Verifone terminals. I believe they connect to a Wi-Fi network operated by the business that is strictly used for payment signalling. Some models have a TELUS sim card though and do it over cellular. These terminals have been around for ages whereas Square is like total slop.
It's a big reason why they've been so hesistant to shut down 3G UMTS/HSPA cellular networks here. A lot of these terminals still rely on 3G to function.

File: konnichiwa.png (66 KB, 344x315)

66 KB PNG

>>108962343
Credit Card companies and debit card companies have lasted for years by just lobbying to ensure that people can spend with as little roadblocks as possible. That's how they get vendor lock-in. If it weren't seamless, people would go back to using cash. So they lobbied EVERY SINGLE SEC AND BANKING INSTITUTION to simply give them a free pass to do whatever they want while heavily restricting any other form of payment. You may be too young to remember but Paypal was almost killed a few times by congressional action for doing EXACTLY What Mastercard and Visa did with more hoops.

This is why they have the authority now to simply censor anyone who disagrees with them or their agenda by revoking their payment: They own the payment system now thanks to being the only people who have unrestricted access to it. Everyone else requires an act of god to get simple payment transactions through. Like back in the western union days of wiring money acts of god.

You just don't live in a fair or just world and you have to come to terms with it.
>>108962395
Europe is the only place to have enforced anything on these payment processors and even then, when they try to declare them a monopoly, their politicians get blacklisted and unable to use money. This has happened multiple times. I'm sure they would kill people if they tried doing it in America that way.

>>108967771
Europe still doesn't even have their own payment processor alternative. I know Spain has one and they're trying to get something Europe-wide but good fucking luck. It's an uphill battle.

>make it easy for people to spend
>make it easy for details to leak
>companies can sell their databases and say it was "hacked"
>databases get sold because it's easy to spend
>people that got carded will call the bank and say it was stolen
>whoever was selling the product is the one that loses money
>even if the bank "loses" they will get a tax waiver for it (lmao)

>>108967899
They'll never have one. Even Spain's Bizum still requires a smartphone running an American operating system, which is even worse. At least a credit card can be used offline, but now if Google or Apple bans you, you're fucked.

EU has mandatory 2FA unlike your shitholes. I get OTP on phone + pin I set up on the bank website with 6 months turnover on everything I buy online.

>>108967915
Europe isn't ready to ditch Apple, Google or Microsoft yet. They probably never will because everyone loves to suck their dicks. Doesn't mean they still can't come up with alternative services when possible though. It ain't easy though with how established Visa and Mastercard are.

>>108962343
>go to his house
>No verification as doing payment from new device in new location
>his house
>new location
You're kind of (inb4 kind have) fucking retarded.

>>108967926
mandatory 2FA on an American phone, kek
>>108967929
It's not an alternative when it forces people to buy an American product that they didn't otherwise have to. That's just becoming MORE dependent on the USA, not less.

>>108967926
That's fucking awful when you want to buy something that's in high demand like a concert ticket or piece of hardware that's highly sought after.
>I'll just fill out my 2FA, this will only take a few seconds
>Sorry! Your item is sold out / basket isn't available / etc

>>108967937
You were buying a phone with an American operating system anyway. Nobody seriously uses anything other than iOS or Android.

>>108967950
And that's because the EU has made life impossible without one. This is a problem of their own creation.
Ironically, it's feasible to live without a smartphone in the US of A than in Europe.

>>108967956
No, the EU didn't that. Europe's shit tech companies did. Name even one potentially serious alternative? The only thing I can think of is Sailfish OS that came from the now defunct Jolla that derived from Nokia's old operating system.

Europe sucks at making operating systems, even more so at making an operating system somebody would actually want to use.

A large part of it comes from the fact that iOS and Android so entrenched and Europe didn't cause that, even Microsoft failed to make a competitive mobile operating system people wanted to use. There weren't apps for it and people weren't buying Windows phones.

>>108967978
>No, the EU didn't that. Europe's shit tech companies did.
I'm pretty sure the EU has required hardware MFA for online banking, effectively banning web banking and requiring a phone.
https://www.reddit.com/r/BuyFromEU/comments/1qs7v6q/which_european_banks_do_not_require_apple_or/
Orange reddit talks about this all the time too.
>Name even one potentially serious alternative?
A plastic credit card.

>>108962817
I just scan their QRIS™ code. Shrimple.

>>108962972
>Debit card
>drained
skill issue

>>108962343
>Mastercard has no security
>> enter the card number
>> enter the expiry
>> enter the cvv

choose 3 nigga

>>108966362
I went on a trip for a bit. My bank let me transact for all of 30 minutes, then started blocking literally everything. I called they claimed it's unblocked now. Nope, still fully blocked. Called again, same shit. I stopped banking with them entirely over this, but I have never seen an anti-fraud system work, it only ever blocks legit transactions.

>>108968028
And if you read the thread you'll see everyone's bank is OK with no meme phone etc.
Self-pwn

>>108962395
>But when you buy something on an american website there suddenly is none and you can easily spend over a grand with only the details on the card.
That's what chargebacks are for which credit card companies usually do without much complaint. US vendors usually pay higher processing fees to hedge against the overhead of that.
If you verified with 2FA it means it'll be a lot harder for you to argue that it wasn't you who ordered it. You can still do a chargeback for other reasons though.

>>108967950
>You were buying a phone with an American operating system anyway.
Not me.
But anyway, how is it like being a colony?

File: Imprinted_card.gif (2.86 MB, 320x240)

2.86 MB GIF

>>108962817
I feel old.

>>108970380
>completely offline
>can't be swiped
Superior technology lost to the sands of greed

>>108962359
all of which is conveniently printed on a single side of the card. won't matter if you put 5 more things on there to enter.

>>108965970
I noticed that Amazon lets me pay with my bank account just by giving them my IBAN. Considering my employer has it to pay me out, it worries me.

>>108962379
and I'm trans if that matters

>>108967926
How is that supposed to help when it results in not being able to buy stuff on some websites? Great, your purchasing power went down and you'll have to seek out other payment options.

>>108962343
>buy something online
>"please enter name, card number, expiry and cvv"
>they now have all the information to buy things with your card
I never understood this about credit cards.