> should redirect me to my bank

Eugh. The problem with that is that people don't verify they've actually been sent to their bank. An attacker will set up fake merchant sites, pay for Google ads to get your traffic, then have you log into your bank to pay for things.

The more we normalise this, the quicker people will fall for it.

▲

efdee 4 hours ago | parent [-]

If they haven't been redirected to their bank, verifying with their mobile banking app using a QR code will not work.

▲

cortesoft 4 hours ago | parent [-]

So I have to get out my phone every time I use my credit card on my computer?

▲

ptman 2 hours ago | parent | next [-]

Not credit card. Bank account. Webauthn/passkeys could also work for auth as they check the domain and can't be phished

▲

jbverschoor 3 hours ago | parent | prev [-]

That’s why we don’t pay 3%+ on all transactions

	▲	cortesoft 3 hours ago \| parent [-]
		I get 3% cash back, though.