Comment by liendolucas

1 day ago

Yes, but that can be simply solved by the banking app to re-ask for the PIN instead of directly declining to take the screenshot.

If it asks me again my PIN when I'm about to hit "transfer" when sending money, there should be no problem in doing the same for the screenshot.

Instead at least my banking app forces me to navigate through an unfamiliar menu and donwload a PDF. A waste of time compared to taking a screenshot.

Some do that, and it's super annoying. I take a screenshot, and then silently my login doesn't work, with a weird error returned instead. Get another PIN, type it in, take a screenshot before submit, again get a nondescript error that makes no sense.

Don't they star the PIN in any case?

Why exactly is me taking a screenshot of my signup process for my records suddenly a disqualifier for signing up?

If all these companies never lied to us about the terms of the deals we're signing up for, needing proof of what actually happened, we'd never be taking these screenshots.

Honestly, this whole "security" theatre ought to be investigated by the consumer protection agencies, and any app that prevents screenshots being taken, or gives these nondescript errors when someone takes it and is subsequently unable to sign-in, should be fined for their anti-consumer behaviours.

I replied to someone else with the same response. I'll repeat it here. The point of my reply wasn't to do with MFA codes, specifically, but the fact that MALWARE can take screenshots in order to harvest things, such as MFA codes or anything else. Preventing screenshots is likely, in my opinion, a defence against malware harvesting anything that way. Your online banking can present a lot of sensitive information visually that could be used for things like identity theft etc.

And yes, there are other ways that malware can harvest information and if your device has been root-kitted you're screwed no matter what. But the fact that there are 100 ways to attack you doesn't mean the banks don't see value in trying to prevent 50 of them.

  • Yes, you are correct. You know what my assumption was? That everyone is competent and know what they are doing with their phones. Obviosuly 100% biased judgement.