Curve card details when no internet

Hi

Recently I was returning some clothes and needed to show my Curve card number to prove it was the card I purchased with. The store is underground so I could not access my card details.

Can card details be developed to be shown when there is no internet?

2 Likes

I agree, it’s the same for loyalty cards. No, or even just poor, signal and you can’t access the cards.

1 Like

Hey, thanks for this feedback on these two features!

I can definitely see how this can lead to inconveniences and I’ll pass this up to our Product team so that they can look into the possibility of this! No details are currently stored in your Curve App for security but it may be possible for them to provide a workaround for this now that they’re aware that there’s demand for this.

2 Likes

Maybe encrypt the data inside the app container
And then you login to the app
Like with the phone fingerprint it then decrypts?
Or use pin, password

2 Likes

I already reported this issue directly to support quite some time ago and recently posted it here, but there is no progress so far.

It’s funny how “we” all assume certain things and take them for granted (e.g. mobile data connection) when actually reality has a different view and punches us in the face…

Happy New Year everyone!

1 Like

You can store it in a text document, in like OneDrive, Google Drive, and save it for offline

I can name at least 20 different ways to store credit card information, PIN, etc. in a secure way; BTW, your suggestions (@hup) are pretty insecure.

I personally run the Curve application from within “Secure Folder” in my Samsung Galaxy A50 phone. “Secure Folder” in the Samsung Galaxy phones is an encrypted “place” within the phone’s memory/storage where you need additional or different credentials in order to gain access.

But the problem with the Curve application needing data access to view the card details or the PIN is what happens if one actually DOES NOT have data access due to location or any other reason. I understand that querying these details directly from the Curve servers and not storing the info within the app might be more secure, but as an IT Security specialist myself, I’ve learned one thing: The more you tighten security on something (and thus cause some inconvenience), the more stupid (and insecure) ways users find to make it easier on them.
It’s like enforcing very strict password policies… in the end, users stick Post-its with their passwords on their screens because they actually don’t remember all these passwords.

1 Like

screenshot when details open, safely stored in photos

I’ve worked in Network security for 20 years and never make a statement, without context, that something is unambiguously “secure”; it implies that there is no risk. “Secured” implies that there is some risk, and one should always assume there is some level of risk. It’s invariably a case of assessment.

Back to the point; off-line access to card information. A case has been raised for this access for both payment and loyalty card details.
Let us look at loyalty cards first, for which I have this issue, almost, on a weekly basis. Risk, Mitigation, Circumvention.
Well, I’m satisfied that there’s negligible risk for allowing off-line access to my loyalty cards and therefore little requirement for mitigation. I could always take a picture/screenshot and store them on my phone. Or I could even just attach them back on my keyring. Or use a dedicated loyalty card app. Either way, I don’t then need this feature within Curve (if it’s a nuisance), but I would like it.

Card information may be a little more complex. For a start, does this affect PCI DSS certification for Curve? What’s the difference between carrying the (bank) card in your wallet and carrying it (off-line) on your phone? It could be argued that the latter is more secured as you need a PIN (or biometric) to access it. That surely mitigates some of the risk? If access to the information isn’t a possible feature then users will circumvent the issue. It could be argued, very strongly, that something like Bitwarden is a better and more secured solution than a clear text file. People will find a way but they should assess the risk first.

I don’t think this is something Curve can just enable as they will need to carry out their own assessment. From compliance to coding to cost benefit, it may be a longer project than you would believe.

2 Likes