Comment by danielhlockard

3 months ago

You say that but I work in fintech (granted, one of the larger more corporate ones, after an acquisition) and we are heavily regulated, and audited.

You're almost there. Think to yourself now: what was it that happened in the past that necessitated the need for a large regulatory apparatus, auditors, etc.?

Wall Street is heavily regulated and audited, and still is 'beyond reckless', causing global financial calamities multiple times.

FWIW, I work for a major financial organization in the UK as a software architect and I've brought it up more than once over the years in various roles: not a single bank in the UK supports Yubikeys or custom Authenticator apps.

Not one (I last checked about a month ago!)

Security, while pretty good, is still lacking imo!

  • Ironically until fairly recently Nationwide required the little keypad authenticator thing, and everyone hated it!

    • I had one of those umpteen years ago with RBS. I hated it at the time too :)

      However, I use a Yubikey as often as I can nowadays and authenticator apps too where possible.

      I'd like the option to use one but I can't :(


    • I thought they still did for website flow at least. Bizarrely we seem to think that phone apps are infinitely secure and don't need the extra step because biometrics?


>You say that but I work in fintech (granted, one of the larger more corporate ones, after an acquisition) and we are heavily regulated, and audited.

I have seen some toe-curling shit in fintech.

  • timetravelling the ledger anyone? :)

    • I once had a banking app that reported the wrong transaction amounts (downloading the statements resulted in a different balance than what was shown in my account -- this isn't the US, so it should show the correct amount). When I reported the bug, they changed the values on my statements instead of fixing the app -- so now, it didn't reflect my receipts.

      It was a fun time. They eventually fixed it in the app to show my true balance and fixed my statements back to what they were. But holy shit, the fact that an engineer would think that would be the proper fix is wild... this is pre-LLMs, otherwise, I'd think they'd been vibe-coding.


funniest thing I read this year on HN - well played mate, well played!!!