zlacker

[parent] [thread] 1 comments
1. pimter+(OP)[view] [source] 2025-09-24 16:57:38
All of them now require some kind of 2FA, everywhere. This is due to a legal requirement on all EEA payment providers that they require 2FA for almost everything since 2020, including accessing your account on their website: https://en.wikipedia.org/wiki/Strong_customer_authentication

TOTP codes would be allowed by the regulation, as would biometric approaches or separate physical tokens, but in practice every bank I've used in recent years (quite a few, mostly Spanish but also in Belgium & Switzerland) require that you accept a confirmation prompt or similar in their app.

replies(1): >>logifa+dn
2. logifa+dn[view] [source] 2025-09-24 18:50:15
>>pimter+(OP)
It feels like "gold-plating" of regulations is and always has been a significant problem in the EU.

Regulations are written (at EU level) to allow X, Y and Z; somehow by the time it's implemented at member state level it miraculously only allows only X or Y, and once it gets to actual service providers (who've presumably been advised by their in-house lawyers that 'Y is bad') we end up with a choice of X or nothing.

Then if you ask anyone at EU level what's going on, they point to what the regulation says, and everyone shrugs.

[go to top]