
> "they installed a proxy on my IP"

This doesn't make sense.

> "they sim-swapped me to intercept the one-time password".

You would notice by losing phone connectivity... so you would know you're compromised before you try to make a transaction.

Being 2FA, the attacker still needs to know the account user/password...

Then there's hardware 2FA for a lot of banks that don't do SMS... good luck with that.

Or they use the bank app on the phone as 2FA, which should run securely in enclaves.

Even if they have all of the above, you just file a police report for fraud and bank will claw back funds and reinstate you, same as for checks.



> you just file a police report for fraud and bank will claw back funds and reinstate you

If the fraudster has your password and OTP, and if the money's gone, bank will do nothing — as opposed to the check fraud. That's why TLA is a good check fraud story.


How do you prove check fraud for washed check? It has your signature, check is valid... funds get transferred same as for hacked account.


> How do you prove check fraud for washed check?

By the law, the bank needs to do the proof, or return your money. Not so with account takeovers. Which is my whole point.



