Hacker Neue

Preferences
avastmick parent
Having lived in China for five years and seeing how it is done there (literally everywhere), I see this as a payment problem. There is no sensible, low cost payment infrastructure to support this safely. Instead most of the west has a fractured app ecosystem where each app ‘does payment’ rather than via a set of trusted payment apps that do the security up front and then passes to the provider. For example, in the article the photos show an anonymous QR code you’d scan with your camera, rather than in China where you’d use Alipay or WeChat, whose app you’d use to scan the QR. When I returned from China, it took a while to readjust to the heightened (and often expensive) friction of payments. Not saying scams don’t exist in China, just that the payment provider gives some guarantees on the veracity of the claim made by the QR code
mytailorisrich
This is a cost saving play by the car parks operators.

Here in the UK we had car payment stations: You enter your car registration number, you pay by card or contactless. Done. Safe. It works.

BUT, this is more expensive for the operator to install and maintain than just sticking a notice to tell you to install an app and to use it to pay.

That being said, usually the QR code is not required it is just to make it "easier" as the notice explicitely says which app to install and provides the unique reference of the car park, too. You may also be able to pay over the phone rather than using the app. This is all shown on the article's first picture.

So, really they could just remove those scam-prone QR codes. I suspect that they don't care, though, and even profit from those scams since they can fine you for not having actually paid.

beeflet
they could just put a QR code of a different wechat account
gambiting
Yes, so worst case you paid a little bit of money to the wrong account. This is much worse - usually the QR code leads you to an app that then authenticates with your bank and can transfer and arbitrary amount of money out.
beeflet
The problem I think is with the bank. They don't give you a way to authorize a single payment or authenticate yourself without just giving away total access to your funds.

It should be like cryptocurrency where there is a separation of the public and private key. Or even better, something like chaumian e-cash. I feel like that would pretty much shut down the majority of financial crime.

tokioyoyo
Since it's all tied to real IDs, wouldn't that involve heavy risks from the scammer's side? I know it's possible, but still a bit less risk if your Scam HQ operates overseas.
beeflet
I suppose, but you could say the same about bank transfers in the west

This item has no comments currently.

Keyboard Shortcuts

Story Lists

j
Next story
k
Previous story
Shift+j
Last story
Shift+k
First story
o Enter
Go to story URL
c
Go to comments
u
Go to author

Navigation

Shift+t
Go to top stories
Shift+n
Go to new stories
Shift+b
Go to best stories
Shift+a
Go to Ask HN
Shift+s
Go to Show HN

Miscellaneous

?
Show this modal