Comment by b_e_n_t_o_n
19 hours ago
Depends if you ask someone who gets defrauded of their life savings and work and is financially ruined I suppose.
19 hours ago
Depends if you ask someone who gets defrauded of their life savings and work and is financially ruined I suppose.
Most of the time, it's the bank that's on the hook for fraud, which is why they're motivated not to trust that the user's device is sufficiently secure.
There’s no world where the bank is on the hook for fraud while also not being allowed to prevent it.
Personally I’m ok with the bank being on the hook and their app checking there isn’t malware loaded on the OS. I have my raspberry pi and steam deck for full modding without intermingling it with extremely sensitive computing.
Is this not a solved problem? I used to have a TAN generator for my bank as a separate device I paid like 5 euros for. If you get provided an authenticator and get forced to use it for transfers essentially even if my device is compromised it doesn't matter unless their device also gets compromised. They are then free to lock it as much as they want.
2 replies →
There is such a world, and we live in it. Banks might reduce fraud by repeatedly performing credit checks on customers, for example, but that's usually illegal.
Remote attestation doesn't check that there isn't malware; it checks that the OS is approved by one of a short list of corporations. Passing that check is correlated with a reduced risk of certain types of malware being present, but is not quite the same as checking for malware.
I'm not okay with owning a cuck device where the bank manages my OS. So we have a problem.
1 reply →
lolwut
define "malware".