← Back to context

Comment by patrakov

10 hours ago

We are talking about banking and pseudo-banking apps with the following typical features:

* A wallet for QR-code based payments backed by a national standard for their content and by the money in your bank account;

* A software implementation of an NFC-enabled credit or debit card, or sometimes with a magnetic strip emulation in addition to that;

* An interface to transfer money to other bank accounts in the same country or abroad, or to convert between local and foreign currency if you have a foreign currency bank account;

* A way to pay common utility bills - in some cases, by scanning the QR code on the bill;

* A way to manage banking and investment accounts - e.g., if you want an extra savings account in Japanese yen with a new debit card attached to it, tap a few times and it's there;

* A chat with bank representatives - for example, to provide supporting documents by photographing them, without ever visiting the bank;

* A second factor (as in 2FA) to approve money transfers initiated from the desktop web browser, meeting the bank standards where TOTP can't meet them (e.g., due to the legal requirement to say what transaction the code is for).

The real problem is that many banks are deprecating their browser-based interfaces and are turning app-only.

2 comments

patrakov

Reply
Figs  8 hours ago

> The real problem is that many banks are deprecating their browser-based interfaces and are turning app-only.

What bank does that? If my bank did that, I would find a new bank immediately. That is not OK.

  • patrakov  3 hours ago

    Speaking about the Philippines here.

    First, how about Philippine National Bank? Compare snapshots of their front page, https://www.pnb.com.ph/, on web.archive.org, and see that they have completely removed the link to their Internet Banking system. Only Mobile Banking remains.

    See also https://web.archive.org/web/20220605084957/https://portal.pn...

    Also, Metrobank threatens to make it impossible to log into their online banking website without the mobile app installed. This is already officially the case for their corporate banking, but it's just TOTP with a non-extractable (on a non-rooted phone) seed and some anti-root checks under the hood.

    Finally, the following mobile wallets and "digital banks" are app-only: GCash, Maya, GoTyme Bank. The first two are the only ways to pay for water here, other than going to a kiosk where someone else would use their GCash account to process your payment.