• @davidgro
    link
    28 months ago

    I guess I don’t know what you mean by “authenticating transactions”.

    • Chewy
      link
      fedilink
      78 months ago

      Online transactions require a second factor which displays the actual amount to be transferred. This works by either an app which receives the transaction data (recipient, how much) over the network, or a device which takes the bank card and is used to scan something similar to a qr code. The device then displays the transaction data.

      This makes sure a fraudulent site can’t easily change the amount or the recipient of a transaction, even if they somehow made an identical website (or close enough).

      For remote transactions (e.g. online payments), the security requirements go even further, requiring a dynamic link to the amount of the transaction and the account of the payee, to further protect the user by minimising the risks in case of mistakes or fraudulent attacks.

      https://www.ecb.europa.eu/press/intro/mip-online/2018/html/1803_revisedpsd.en.html

      It’s not perfect, especially with people using a banking app and the second factor app on the same device for convenience sake.

      • @davidgro
        link
        28 months ago

        Interesting. If they do that in the US some day, I would absolutely much rather buy that device than unroot my phone.