Comment by mdp2021

There still exist banks that provide you with an RSA token. If a bank does not give you the option, how can one (sorry) "of the right segment" have business with it? You look at the service provider, you see all kinds of bad signals, you hire it anyway: this is a big part of what is destroying us!

Restraining myself to write something very strong about phone security and general user expectancy and duly expectancy (low) - let us stress again the legal side: how do you prove to a bank that, in case of theft from the account, your device was safe? People who see their money stolen then have controversies with the bank about responsibility.

BTW: PSD2 has been, in many parts, a huge nightmare. Furthermore, healthy parts of it for some reason have not been implemented.