Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
dnnddidiej 4 hours ago

2 can be genuine use. I let my partner use my card and I use it on my phone as rfid. Maybe ignore phone usages since they are secured pretty well.

masklinn 4 hours ago | parent | next [-]

All of them can be genuine use, these are fraud signals not fraud proofs, and the article does cover this:

> What works is running them all and scoring each transaction across the signals. A transaction that fails on three or four of them is almost always fraud. A transaction that fails on one might be your grandma being weird with her debit card on vacation.

dnnddidiej 3 hours ago | parent [-]

> If a card swipes in Chicago and seven minutes later swipes in Los Angeles, one of those swipes is fake. The card is cloned. This is the most uncontroversial fraud signal you’ll find — there’s almost no legitimate reason a single card is in two distant places in seven minutes.

lmz 3 hours ago | parent [-]

The question is whether they would treat that as a single card (physical vs digital).

dnnddidiej 2 hours ago | parent [-]

If they don't then this is a good detection system for a very specific scenario (but nonetheless a good trick)

rswail 3 hours ago | parent | prev | next [-]

The Apple/Google Pay cards have a DPAN (device account number) that is different to the CPAN of the physical card. It keeps the same issuer (first 6 digits) and the same "last 4" digits, but the others are different.

The DPAN is translated into the CPAN by software at the issuing bank, so it's not identifiable by the merchants.

Merchants get the "last 4" digits, but that's not enough to identify specific CPANs.

nujabe 4 hours ago | parent | prev | next [-]

They can distinguish a physical card vs Apple Pay

WhyIsItAlwaysHN 4 hours ago | parent | prev [-]

Exactly, hopefully this is not an autoblock in the future.

masklinn 4 hours ago | parent [-]

> A transaction that fails on three or four of them is almost always fraud. A transaction that fails on one might be your grandma being weird with her debit card on vacation.

WhyIsItAlwaysHN 3 hours ago | parent [-]

The article states that the particular item is a clear sign of fraud. If that was true, then it should be treated in a special manner. A more paranoid bank could enforce it without adhering to this guidance of multi-factor detection.

It isn't though, so balancing it with other rules is fine.