Comment by AnthonyMouse

2 days ago

> In other words, banks and governments and other such institutions have noticed (and they probably do have data to back this up) that very few of their customers use "unapproved" devices and a very large majority of fraud comes from "unapproved" devices.

What would cause you to think that to be the case?

There are two primary ways that bank fraud happens. The first is that the attacker steals the user's credentials, at which point they can sign into the user's account and transfer funds, and can use any device the bank requires because they already have the credentials. The second is that the attacker convinces the user to transfer the money and then once again the user is using an approved device if that is required, and requiring it in no way prevents the attack.

Moreover, even if there was a statistical correlation -- which there is no reason to expect in this case -- that doesn't help you when the attackers could just use their stolen credentials on an approved device anyway, regardless of what they were doing before.

Vandalism can be reduced by excluding fare evaders because that's a class of people rather than a class of devices. Requiring the attackers to use an approved device when the approved device still allows them to commit the fraud accomplishes nothing.

> Vandalism can be reduced by excluding fare evaders because that's a class of people rather than a class of devices.

Just observing: People who don't own an iPhone or modern Android are also, generally, of a class -- and probably one banks would prefer to not do business with for profitability reasons.

People who don't have spyware/lockinware for principled reasons are currently rare enough to not matter in this analysis -- though sure, they're probably customers the bank wants.

  • > Just observing: People who don't own an iPhone or modern Android are also, generally, of a class -- and probably one banks would prefer to not do business with for profitability reasons.

    I don't know about that. There are plenty of retirees who want nothing to do with this "modern technology" while still having large amounts of retirement savings that the bank very much wants at their institution.

    Small (and for that matter large) business owners also have a tendency to have complicated financial situations and correspondingly want to deal with them using a computer screen rather than a phone, and that's another class of customers banks are certainly not interested in driving away.

    Meanwhile I take it you're implying that the people who don't have a smartphone to do banking on are undesirable poors, but those are the people who do use a phone for banking, because bargain bin Android phones are available for ~$15 and that's the extent of what they can afford for an internet device.

    Whereas the people using the likes of GrapheneOS might well be a small percentage of the customer base but they're still generally the class of customers the banks like, i.e. tech people with upper middle class financial situations.