
Comment by djd7duehrj

4 years ago

If you're treating your phone as hostile why would you skip gaming apps but use banking ones? That seems backwards if you're assuming your mobile is the weak point.

In the EU the PSD2 directive obliged banks to provide strong authentication for customers' login process and various operations on the account incl. payments ofc. Most of the time mobile applications are used as a result - for either login confirmation or as software OTP generators (biometric verification is also supported); the lists of printed codes are rather obsolete now and some banks may actually charge you extra for sending you text messages with such codes. I know there are hardware security tokens but in all these years I haven't seen anyone using such here.

So, it's rather hard to avoid banking apps.

Also, the PSD2 directive implements the duty of providing API infrastructure for third-parties. [1]

https://www.ecb.europa.eu/paym/intro/mip-online/2018/html/18...

  • There still exist banks that provide you with an RSA token. If a bank does not give you the option, how can one (sorry) "of the right segment" have business with it? You look at the service provider, you see all kinds of bad signals, you hire it anyway: this is a big part of what is destroying us!

    Restraining myself from writing something very strong about phone security and general user expectancy and duly expectancy (low) - let us stress again the legal side: how do you prove to a bank that, in case of theft from the account, your device was safe? People who see their money stolen then have controversies with the bank about responsibility.

    BTW: PSD2 has been, in many parts, a huge nightmare. Furthermore, healthy parts of it for some reason have not been implemented.

Actually we are the weak point. The phone stuff is just unregulated capitalism.

  • Sure, but that still leaves the question of why mobile banking and not mobile games w/ pc banking.

    • I don't agree with some (most?) of the parent poster's comments in this thread.

      But I feel there's a valid argument to be made that if your adversary is the sort of people who'd be feeding Apple image hashes to find people, you'd probably be wise to carry a regular phone on which you do boring norm-core sorts of things.

      A phone you use to take pictures of cats and pay your rent using banking apps and call your parents - while not using it to communicate with your dealer or your anarchist collective or your friendly investigative journalist.

    • Sorry, I misunderstand your question. I just don't like mobile games, and mobile banking is an acceptable use case for me at the moment. But pc banking is obviously a better choice. The general idea of treating your phone as a problem has deep personal benefits. It started for me with the realization (years ago) that I am an addict for "dopamine" hits and this "thing" in my pocket has direct influence on my mental performance.
