zenitram, to random
@zenitram@hachyderm.io

There was only a single bank that I knew of, Wise, that let a customer use their APIs to read your account transactions... but not anymore, because of regulation 🫠

In the EU, that's how PSD2 forces you to "buy" API access to your own personal bank account transaction data through a third-party🤦‍♂️

ilyess, to infosec
@ilyess@mastodon.online

I was shocked witnessing someone logging into their bank on the phone in public recently:

  1. Their phone’s big display was at full brightness so everyone around could see what they were doing.
  2. They typed their password in, so no password manager. Unsurprisingly the password was weak: 5 lowercase letters and 1 numeric character.
  3. They didn’t have any kind of 2FA set up!

How on earth is this still happening?! 🤦

Caroline,
@Caroline@hessen.social

@ilyess You might be wrong in 2 ways, at least if I relate this to how mobile banking is working in Europe:

  1. Weak passwords are only a risk if brute forcing is possible. In Europe, after 3 or 5 false attempts to enter the password, access is blocked. Complex passwords do not help when someone is shoulder surfing.
  2. There might have been a second factor: the phone as a possession factor (activated through some other trust factor), and/or biometrics (so maybe even 3 factors).

Jeremiah, to infosec
@Jeremiah@alpaca.gold

Building a federated global payment network raises a lot of questions.

@Interledger has an open call for research projects as part of its ambassador program.

I don’t decide the funding strategy, but I do have several research topics I personally think would be valuable to have formal research on.

https://community.interledger.org/jeremiahlee/research-id-like-to-see-funded-3j7k

topher, to random

Banks need to support Yubikeys.

And TOTP.

This is stupid.

kkarhan,
@kkarhan@mstdn.social

@ligniform @topher banks and payment providers only do what they're legally obligated to.

Regardless if or ...

aral, to security
@aral@mastodon.ar.al

Wow, Bank of Ireland are completely clueless about .

“BOI: We need to speak to you about your credit card application…

Me: Sure…

BOI: First, let’s verify you…full name, date of birth…

Me: …

BOI: Mother’s maiden name?

Me: LjwOtrNGIgpJlJE

BOI: So this is the problem: We need your mother’s maiden name.

Me: I just gave it. This is a security question and I provided you with a password.

BOI: No, that won’t work, we need her name.

Me: Wow… OK… Please cancel my application.”

kkarhan,
@kkarhan@mstdn.social

@aral nods in agreement

I wish I could go into detail about how f**ked up finance and payment providers are but that's covered with NDAs...

Granted most of it is just absurd and shitty tacked-on solutions like and that never solved the core issues whilst bricking enough stuff that a complete redesign would've been more useful and economically...

kkarhan,
@kkarhan@mstdn.social

@chris @aral The only things you can't do are buy real estate in cash or rent a car with cash, as both don't want to handle cash and car rental will likely prefer to pull the entire rent + deposit and then back-transfer the deposit after returning the car...

also banks here are extremely stingy in terms of loans and actual credit cards are sparse with low limits at best...

So if your CC doesn't support , and Chip+Pin it may not work at all...

Edent, to random
@Edent@mastodon.social
Jeremiah,
@Jeremiah@alpaca.gold

@Edent Fascinating! Probably not Meta’s fault. Strong Customer Authentication is a Payment Services Directive (EU PSD2) requirement. Your card’s issuing bank, not the merchant, decides how to meet that requirement. Most use a method inaccessible to a VR platform (bank’s mobile app with PIN/biometrics, country e-id app with PIN/biometrics, SMS links). Not sure how PayPal gets around this. AR/VR is a use case the EU should try to accommodate in the upcoming PSD3 revision.
