shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.


#psd2

Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mstdn.ca/@JustinDerrick" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>JustinDerrick</span></a></span> don't use online banking and never have honest answers on security questions!</p><p><a href="https://infosec.space/tags/Funfact" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Funfact</span></a>: This would not have been possible if their bank complied with <a href="https://infosec.space/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a>, which demands active, on-demand <a href="https://infosec.space/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a>!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mstdn.social/@juliewebgirl" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>juliewebgirl</span></a></span> <a href="https://infosec.space/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a>?</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.linux.pizza/@midtsveen" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>midtsveen</span></a></span> how about <em>never</em> unless @Liberapay@mastodon.xyz gets forced under threat of bans for violating <a href="https://infosec.space/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a> to implement it <em>'at gunpoint'</em> so to speak...?</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://chaos.social/@martinsteiger" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>martinsteiger</span></a></span> if no <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>-<a href="https://infosec.space/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a> exists, I don't use any 2FA on principle!</p><ul><li><a href="https://infosec.space/tags/SMS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMS</span></a>-<a href="https://infosec.space/tags/TAN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TAN</span></a>s are less secure than the <a href="https://infosec.space/tags/iTANs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iTANs</span></a> that were banned under <a href="https://infosec.space/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a>...</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://toot.io/@hisold" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>hisold</span></a></span> My bank stopped issuing <a href="https://infosec.space/tags/girocard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>girocard</span></a> cards with <a href="https://infosec.space/tags/magstrip" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>magstrip</span></a> 10+ years ago as magstrip was phased out and <a href="https://infosec.space/tags/NFC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NFC</span></a> was phased in, as well as <a href="https://infosec.space/tags/PSD1" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD1</span></a> being introduced.</p><ul><li>Even before that, merchants rarely accepted magstrips, and those who did asked for <a href="https://infosec.space/tags/ID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ID</span></a> as soon as purchases (i.e. fuel at a gas station) exceeded like €100, because unlike <a href="https://infosec.space/tags/Chip" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chip</span></a> + <a href="https://infosec.space/tags/PIN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PIN</span></a> the payment processor does not guarantee them that the payment will be accepted and the amount guaranteed.</li></ul><p>That's the main push factor: Alongside lower processing fees and faster processing, the Chip+PIN &amp; <a href="https://infosec.space/tags/NFC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NFC</span></a> systems actually request a blockage of the amount and will automatically decline without incurring fees if the balance / limit is below that amount - sometimes even before the PIN has been entered (it'll just not show it until the PIN is entered so fraudsters can't just abuse this as a means to check balance).</p><ul><li>There's a nice <a href="https://www.youtube.com/watch?v=eFYrboLEx2I&amp;t=2043" rel="nofollow noopener" target="_blank">podcast</a> with <a href="https://infosec.space/tags/JohnBoseak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JohnBoseak</span></a> where he explains how stuff used to [and allegedly still does] work in the <a href="https://infosec.space/tags/USA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USA</span></a> re: <a href="https://infosec.space/tags/CreditCards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CreditCards</span></a>. Given that I worked for a <a href="https://infosec.space/tags/PaymentProcessor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PaymentProcessor</span></a> in the past, this is some basic knowledge re: <a href="https://infosec.space/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a>, because one needs to understand how stuff like CNP (<em>"Card not Present"</em>) works and how the system is architected to the point that even if someone were to hack the database of said payment processor, they'd never find any CCs or the CVVs stored there <em>at all</em>.</li></ul><p>It's also insightful because <a href="https://infosec.space/tags/fraud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fraud</span></a> would be way more rampant if the card issuer, payment processor and card system operator [i.e. AMEX, VISA, MasterCard] didn't all run their own AFE [Anti-Fraud Engine], each automatically assessing risks within less than a second for every transaction.</p><ul><li>That's why one can get their <a href="https://infosec.space/tags/CC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CC</span></a> blocked when using a <a href="https://infosec.space/tags/VPN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VPN</span></a> and why fraudsters need the location of their victims, because if I had a CC and used it regularly and someone were to try to swipe a skimmed copy of that at a Walmart or Best Buy on the East Coast of the USA less than 24 hours after my last use in Germany, that would automatically get declined as fraud and the person at the register will call security, because no one is travelling that quickly that far.</li></ul><p>But that's just some cold OSINT based off <a href="https://infosec.space/tags/TechSupport" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechSupport</span></a> and peeking behind the curtains professionally...</p><ul><li>There's way more, but I can't go into details on that.</li></ul><p>Rest assured, if you have a CC you can be as certain that someone tried to abuse it as I'm certain my bank blocked fraudulent money orders against my account because of AFEs working - it's just that &gt; 99% of all fraud attempts get blocked instantly and merchants rate-limited or kicked off the system when they do something suspicious.</p><ul><li>Same reason why one can't frame someone for a crime by just wiring obviously illicit funds to their account: AML (Anti-Money Laundering) will catch that, and unless the account holder were to ask "Where's the money/transaction?" <a href="https://infosec.space/tags/FinCEN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FinCEN</span></a> et al. won't even bother calling the account holder up, simply because the <em>"oops, I wired money to the wrong account. Can you please send it back?"</em> <a href="https://infosec.space/tags/scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>scam</span></a> is a well-known method to turn unsuspecting people into money launderers.</li></ul><p>So yeah, that <em>"<a href="https://infosec.space/tags/magstrip" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>magstrip</span></a>"</em> may be just lacquer, but unless it's specifically advertised otherwise it only holds the CC &amp; CVV as well as <a href="https://www.youtube.com/watch?v=UHSFf0Lz1qc&amp;t=320" rel="nofollow noopener" target="_blank">service codes</a> [i.e. chip+pin only] to tell the terminal <em>"Don't accept magstrip, mandate Chip+PIN"</em>...</p><ul><li>Outside the <a href="https://infosec.space/tags/USA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USA</span></a>, this is the norm due to <a href="https://infosec.space/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a> exceeding <a href="https://infosec.space/tags/PCIDSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCIDSS</span></a> by quite a lot!</li></ul><p>Only <em>underdeveloped</em> countries like the <a href="https://infosec.space/tags/US" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>US</span></a> still use <a href="https://infosec.space/tags/Magstrips" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Magstrips</span></a> and <a href="https://infosec.space/tags/credit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>credit</span></a> and not Chip+PIN &amp; <a href="https://infosec.space/tags/debit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>debit</span></a>!</p>
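The "impossible travel" rule the post above describes (a card used in Germany, then a copy swiped on the US East Coast hours later) as an added Python example; this is not code from the post or from any real anti-fraud engine. The 900 km/h threshold, the tokenised card ids and the transactions are constructed assumptions, and the rule generalises the post's 24-hour wording into an implied-speed check between consecutive approved uses of the same card.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from typing import Dict, List, Tuple

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 900.0  # assumed threshold, roughly airliner cruise speed

@dataclass(frozen=True)
class Txn:
    card: str      # tokenised card reference, never the PAN itself
    ts: datetime   # authorisation time, UTC
    lat: float
    lon: float
    merchant: str

def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in km between two lat/lon points."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlam = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))

def implied_speed_kmh(prev: Txn, cur: Txn) -> float:
    """Speed the cardholder would have needed to get from prev to cur."""
    dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
    secs = max((cur.ts - prev.ts).total_seconds(), 1.0)  # guard against a zero gap
    return dist / (secs / 3600.0)

def screen(txns: List[Txn]) -> List[Tuple[Txn, str, float]]:
    """Impossible-travel rule: decline when the implied speed exceeds the threshold."""
    last_ok: Dict[str, Txn] = {}  # last *approved* transaction per card
    out = []
    for t in sorted(txns, key=lambda x: x.ts):
        prev = last_ok.get(t.card)
        speed = implied_speed_kmh(prev, t) if prev else 0.0
        decision = "DECLINE" if speed > MAX_PLAUSIBLE_KMH else "APPROVE"
        out.append((t, decision, speed))
        if decision == "APPROVE":
            # A declined swipe must not move the card's last known location, or the genuine holder's next purchase would look impossible too.
            last_ok[t.card] = t
    return out

# Constructed sample: Berlin, then Frankfurt, then a cloned copy in Newark NJ 5 h later, then the real holder back in Frankfurt.
SAMPLE = [
    Txn("tok_4f2a", datetime(2024, 5, 1, 18, 0), 52.52, 13.405, "Berlin fuel station"),
    Txn("tok_4f2a", datetime(2024, 5, 2, 9, 0), 50.11, 8.68, "Frankfurt supermarket"),
    Txn("tok_4f2a", datetime(2024, 5, 2, 14, 0), 40.73, -74.17, "Newark NJ retailer"),
    Txn("tok_4f2a", datetime(2024, 5, 2, 19, 0), 50.11, 8.68, "Frankfurt restaurant"),
]
```

Running `screen(SAMPLE)` approves the two German purchases, declines the Newark swipe (roughly 6,200 km in five hours), and still approves the later Frankfurt purchase because the declined swipe never became the card's last known location.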
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@katrinakatrinka" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>katrinakatrinka</span></a></span> <span class="h-card" translate="no"><a href="https://universeodon.com/@digyoursoul" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>digyoursoul</span></a></span> <span class="h-card" translate="no"><a href="https://hachyderm.io/@molly0xfff" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>molly0xfff</span></a></span> granted, compared to <a href="https://infosec.space/tags/CustomerProtection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CustomerProtection</span></a> and <a href="https://infosec.space/tags/Regulations" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Regulations</span></a> in the <a href="https://infosec.space/tags/EU" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EU</span></a>, <a href="https://infosec.space/tags/finance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>finance</span></a> in the <a href="https://infosec.space/tags/USA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USA</span></a> is a shitshow.</p><ul><li><a href="https://infosec.space/tags/Carding" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Carding</span></a> as a form of <a href="https://infosec.space/tags/fraud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fraud</span></a> doesn't really exist here, and the few possibilities died with <a href="https://infosec.space/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a> mandating <a href="https://infosec.space/tags/3Dsecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>3Dsecure</span></a> in <a href="https://infosec.space/tags/SEPA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SEPA</span></a> member nations...</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://hachyderm.io/@lucasmz" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>lucasmz</span></a></span> I guess you never had to do payments within <a href="https://infosec.space/tags/EU" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EU</span></a> / <a href="https://infosec.space/tags/EFTA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EFTA</span></a> / <a href="https://infosec.space/tags/SEPA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SEPA</span></a> where <a href="https://infosec.space/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a> applies...</p><ul><li>Cuz <a href="https://infosec.space/tags/3Dsecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>3Dsecure</span></a> is <a href="https://infosec.space/tags/VISA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VISA</span></a>'s implementation of it!</li></ul><p>Basically it boils down to mandating <a href="https://infosec.space/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a> via <a href="https://infosec.space/tags/App" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>App</span></a> or <a href="https://infosec.space/tags/SMS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMS</span></a> for any substantial online transaction...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://grapheneos.social/@GrapheneOS" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GrapheneOS</span></a></span> +9001%</p><p>The sheer amount of <em>liabilities</em>, if not legal through <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GDPR</span></a> &amp; <a href="https://infosec.space/tags/BDSG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BDSG</span></a>, then indirectly through mandated <a href="https://infosec.space/tags/standards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>standards</span></a> like <a href="https://infosec.space/tags/PCIDSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCIDSS</span></a> &amp; <a href="https://infosec.space/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a>, is the reason one should avoid storing them at all costs!</p>