zlacker

Of course they do, and of course they would. Banks are in a crazy legal position where they are financially liable for user stupidity. If my bank account gets breached, it doesn't matter that I didn't take any reasonable security measures, the bank will still have to refund me. If the bank could say "you didn't follow our recommended security practices to use a PW manager and MFA or passkeys, so it's a FAFO situation for you," then they wouldn't be pushing for this stuff. But they can't do that because the government doesn't allow them to.

There is even government regulator pressure now for financial services to be liable for cases where the user legitimately authorizes a transaction to a party that turns out to be a scammer. Of course the banks want to watch your every move and control your devices. They would be stupid not to given the incentives.

>>termin+(OP)
In what country do you live? In America, users are liable for the banks stupidity. If they don’t verify credentials and give away all of my money, I do NOT get it refunded, they are NOT responsible, and I am the victim of “identity theft.”

>>termin+(OP)
I understand all that but I don't see how that's any less secure than a browser.

>>parine+J5
My bank doesn't allow access through a browser. It has to be the app or else you have to travel to their HQ in person (I guess) and close your account.

>>blizdi+d5
I live in America. I have got back every single cent I have lost due to fraudulent charges on my account. Furthermore, I was refunded instantly by the bank pending investigation.

>>termin+A9
The bank you have did the right thing and I think most banks and credit unions will do this, as it’s bad for a lot of reasons not to.

That said, the legal obligations around how this works is very different. One of the reasons common advice is use a credit card for online purchases instead if a debit card or checking account link is because of the fact that they have different liability expectations around fraud[0]

[0]: there are of course a multitude of good reasons for this advice generally speaking, but this one is cited a lot

>>immibi+J8
Can I ask what bank and why on Earth you continue to give them your business?

I guess I'm unusual in that I've been using an "online" only bank for 20 years (back then it wasn't so online... I had a stack of UPS overnight envelopes for check deposits), but I cannot imagine patronizing a bank that won't let me log in and do basically anything from a browser.

>>termin+(OP)
On the flip side, banks have the worst fucking security outside of demanding you use an app. Let me use 2FA that isn't bespoke.

>>immibi+J8
What a terrible bank though.

>>no_wiz+Hb
You are incorrect. This isn’t good will measures, these are required by law. The EFTA, for example, requires banks to make you whole against fraudulent ATM transactions. The CC recommendation is more about you having more time and flexibility to dispute the charge without risking access to cash; most Americans don’t even have a few thousand dollars in cash so a fraudulent ATM withdrawal is a major problem. But if you have a good chunk of cash the fraudulent ATM transaction will not really be felt by you provided you follow the requirements about notification (you have 2 days after noticing to report it to the bank).

The losses due to fraudulent CC activity are governed by the FCBA.

It’s shocking how people think companies do this kind of stuff out of good will rather than being forced by law.

>>0xffff+Af
I have never seen a bank that allows mobile deposits from a browser. I have always seen it require an app.

>>0xffff+Af
In quite a few Asian countries there are no banks left that don't force you to use their apps. There is not other option.

>>immibi+J8
do they still allow you to download your transactions to your phone and get them to your pc that way? just curious, I'd be screwed, I don't know how to install apps on my phone.

>>hoover+nl
At least you have bespoke 2FA. All I have is SMS 2FA

>>hoover+nl
Most of that “app” security is requiring to use Symantec’s app which doesn’t actually require Symantec - there’s plenty of guides online showing how to register any authenticator app instead.

>>termin+A9
Are you mixing up fraudulent credit card charges? Because that's a whole lot other story. I can't even imagine you would be able to get any fraudulent debit card charges back from the bank.

>>cromka+ha3
I got around $2000 of fraudulent debit card charges reversed on the spot when I reported them.

>>cromka+ha3
I got a call from the bank asking if I'd spent over $8k today on my debit card at a mall and restaurant in a shady part of town... I said no, and they ended up refunding me and issuing me a new card.

They did ask me to make a statement to the police, which I did.

Funnily enough when I talked to the police, they said, "Oh, $7k, is that all? Just today we had someone lose over $140k".

How do you even spend $140k on a credit card? Must have been a platinum card or whatever.

I'm in Australia, not sure how different things are here.

>>broken+aG5
Interesting. In EU the bank's liability is typically limited. However, but now that I think of it, they are only liable for bigger sums, not petty theft. So if you get scammed of up to, say, 200 euro, they don't care. Anything more than that, they do.

>>termin+(OP)
If they want to do it properly, they can use the Android hardware attestation:

https://grapheneos.org/articles/attestation-compatibility-gu...