Sounds like a good opportunity to redirect to a fake version of the bank’s website.
Honestly I think the best solution is a revokable token from your bank that you can give to a merchant. One token per merchant, make it easy to revoke as the user sees fit. If you see a charge on the token from one merchant by someone else it’s immediately obvious that token and possibly that merchant was compromised
As far as I know, fake version of bank’s website will not work because the redirection happens from payment gateway with hardcoded linking to bank websites.
Sounds like a good opportunity to redirect to a fake version of the bank’s website.
Honestly I think the best solution is a revokable token from your bank that you can give to a merchant. One token per merchant, make it easy to revoke as the user sees fit. If you see a charge on the token from one merchant by someone else it’s immediately obvious that token and possibly that merchant was compromised
As far as I know, fake version of bank’s website will not work because the redirection happens from payment gateway with hardcoded linking to bank websites.