
Comment by terminalshort

20 days ago

Of course they do, and of course they would. Banks are in a crazy legal position where they are financially liable for user stupidity. If my bank account gets breached, it doesn't matter that I didn't take any reasonable security measures, the bank will still have to refund me. If the bank could say "you didn't follow our recommended security practices to use a PW manager and MFA or passkeys, so it's a FAFO situation for you," then they wouldn't be pushing for this stuff. But they can't do that because the government doesn't allow them to.

There is even government regulator pressure now for financial services to be liable for cases where the user legitimately authorizes a transaction to a party that turns out to be a scammer. Of course the banks want to watch your every move and control your devices. They would be stupid not to given the incentives.

In what country do you live? In America, users are liable for the bank's stupidity. If they don’t verify credentials and give away all of my money, I do NOT get it refunded, they are NOT responsible, and I am the victim of “identity theft.”

  • I live in America. I have got back every single cent I have lost due to fraudulent charges on my account. Furthermore, I was refunded instantly by the bank pending investigation.

    • The bank you have did the right thing and I think most banks and credit unions will do this, as it’s bad for a lot of reasons not to.

      That said, the legal obligations around how this works are very different. One of the reasons common advice is to use a credit card for online purchases instead of a debit card or checking account link is because of the fact that they have different liability expectations around fraud.[0]

      [0]: there are of course a multitude of good reasons for this advice generally speaking, but this one is cited a lot


    • Are you mixing up fraudulent credit card charges? Because that's a whole other story. I can't even imagine you would be able to get any fraudulent debit card charges back from the bank.


On the flip side, banks have the worst fucking security outside of demanding you use an app. Let me use 2FA that isn't bespoke.

  • Most of that “app” security is requiring you to use Symantec’s app, which doesn’t actually require Symantec - there are plenty of guides online showing how to register any authenticator app instead.

I understand all that but I don't see how that's any less secure than a browser.

  • My bank doesn't allow access through a browser. It has to be the app or else you have to travel to their HQ in person (I guess) and close your account.

    • Can I ask what bank and why on Earth you continue to give them your business?

      I guess I'm unusual in that I've been using an "online" only bank for 20 years (back then it wasn't so online... I had a stack of UPS overnight envelopes for check deposits), but I cannot imagine patronizing a bank that won't let me log in and do basically anything from a browser.


    • Do they still allow you to download your transactions to your phone and get them to your PC that way? Just curious, I'd be screwed, I don't know how to install apps on my phone.