I'd say this is still putting the burden on the wrong party, though. For this to serve as a useful deterrent in general, canaries need to be quite common. Rather than hoping that thousands of customers will choose to use a canary and monitor individually, any company that stores credit cards should instead contract with an outside auditor, whereby any time a user stores a real credit card in the system, the auditor generates a canary and stores that in the database as well. This way it happens transparently in the backend, without having to ask users to do it, and immediately turns any credential leak into a minefield where you have a 50% chance of getting only one card before a canary goes off.
I don’t think those options are mutually exclusive: merchants should definitely be doing it but note also that many of the scenarios are things where you might want to verify your personal data storage or deal with internal business security.
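The merchant-side scheme proposed in the first comment, sketched as an added example (not code from either commenter): a hypothetical outside auditor issues one canary per stored card and keeps only keyed fingerprints, so a later authorization attempt on a canary identifies the leaking merchant. The `999999` prefix, `CanaryAuditor`, `store_card` and the in-memory `db` list are assumptions made for illustration.

```python
import hashlib, hmac, secrets

CANARY_PREFIX = "999999"  # constructed placeholder, not a real issuer range

def luhn_check_digit(partial: str) -> str:
    """Luhn check digit for a card number that is missing its last digit."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:  # these positions are doubled once the check digit is appended
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(pan: str) -> bool:
    return pan.isdigit() and luhn_check_digit(pan[:-1]) == pan[-1]

class CanaryAuditor:
    """Hypothetical auditor: issues canaries and stores only HMAC fingerprints."""
    def __init__(self):
        self._key = secrets.token_bytes(32)  # never shared with the merchant
        self._canaries = {}                  # fingerprint -> merchant id

    def _fingerprint(self, pan: str) -> str:
        return hmac.new(self._key, pan.encode(), hashlib.sha256).hexdigest()

    def issue_canary(self, merchant_id: str) -> str:
        body = CANARY_PREFIX + "".join(secrets.choice("0123456789") for _ in range(9))
        pan = body + luhn_check_digit(body)  # passes the same format checks as a real card
        self._canaries[self._fingerprint(pan)] = merchant_id
        return pan

    def check_authorization(self, pan: str):
        """Return the merchant whose store leaked, or None for a non-canary number."""
        return self._canaries.get(self._fingerprint(pan))

def store_card(db: list, auditor: CanaryAuditor, merchant_id: str, real_pan: str) -> None:
    """Merchant backend hook: each real card is stored alongside a fresh canary."""
    for pan in (real_pan, auditor.issue_canary(merchant_id)):
        db.insert(secrets.randbelow(len(db) + 1), pan)  # random position, no tell-tale ordering
```

Because the auditor holds only fingerprints under its own key, a breach of the auditor's table does not reveal which rows in the merchant database are canaries.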