Hacker News new | comments | ask | show | jobs | submit login

This looks awesome. One thing I could see becoming an issue is in your best case scenario.

Say things are wildly successful and people come to expect that merchants will be taking a pic of your credit card with their phone. So you easily hand over your card to some random person to take a pic of it - assuming they are using Card.io.

However, what is to prevent nefarious people from just taking a pic with their own app or their own camera ?

So what would be good would be if there is some way to indicate (quickly) to the cardholder that the user is actually using Card.io to take the pic, rather than the Camera app - so they are not paranoid about people stealing their numbers.

Maybe turning the flash light red (is that even possible?) or something subtle that is a unique indicator that Card.io is being used and not some other app.

With Square, it is that little dongle - although I know that once Square gets big enough and the incentive gets large enough for people to create knock-offs of that dongle, I think it's much harder than say using a Camera.

Otherwise, awesome app.




> Say things are wildly successful and people come to expect that merchants will be taking a pic of your credit card with their phone. So you easily hand over your card to some random person to take a pic of it - assuming they are using Card.io.

When you're sitting in a restaurant and hand over your credit card, the waiter is now in total posssesion of it.

They could take a picture of it.

They could go to their laptop and make purchases from China.

They could run out the backdoor and never return it.

Handing over your credit card is a common enough thing, because you are protected from fraud by the credit card companies policies---not by your own regard for if the person you're giving your card is trust worthy or not.


That may be true, just saying....it could provide another avenue of fraud if the best case scenario does play itself out.

Not saying other avenues of fraud don't exist or cardholders aren't as vulnerable without it.

Just stating what I think will likely be a side-effect, that these guys should at least pay attention to.


This is Mike from card.io. That's a great suggestion - we'll be watching the user experience very closely and will give your idea some thought!

Based on developer interest, a common use case will be scanning your card from an app on your own phone - in that case, you're scanning your own card, and you're in control. But this us a great suggestion for retail usage.

Thanks!


Just throwing it out there...and the truth is...it might not even materialize...but you never know.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: