There's a lot of competition in the banking sector, so I don't think banks can afford to start telling customers that they need specific devices to access their online services.
The banking sector is EXACTLY where "cyber 'security'" and "compliance" will mandate for this to be implemented.
When I worked a bank at $oldjob, compliance mandated we had a full-blown anti virus engine (from Microsoft or McAfee, "at your option") deployed in quasi-ephemeral container images.
It does not have to be reasonable, it doesn't have to be a net positive - it just has to tick some box on some compliance sheet for this to be required, and I will never again be able to perform a banking transaction from my personal computer or degoogled phone again.
> South Korea knew it had an ActiveX problem way back in 2015, because even then the need to use ActiveX to do business on local websites irked outsiders.
> For locals, the requirement to run the code was so annoying that getting rid of it became an election promise at the nation’s 2017 presidential election.
> That promise has now been delivered: the nation’s Ministry of Science and ICT today (2020) annnouced the service’s planned demise.
Banks might not, but the governments may come to a similar idea, and tell the banks to tell you.
I don't think banks can afford to start telling customers that they need specific devices to access their online services.
They already make demands.
Two of the very large national banks I have accounts with restrict your access if you're not even using the right browser version. One puts a warning in every page. The other won't even let you log in.
To make the second one even worse, it requires a very specific version, not just > $version, so if i update my OS too quickly, it won't let me in.
As far as I know, it's extremely common for banking apps to implement integrity attestation on android. My bank's app only shows a warning message and doesn't restrict anything otherwise, but I've heard plenty of stories of other banking apps that refuse to run.
It's already happening on smartphones with the proliferation of SafetyNet requirements. Once a few generations of Android smartphones have passed and most current devices support the required hardware, all banks can just make SafetyNet a hard requirement and the average non-technical user will be none the wiser.
The same thing can happen on desktop. In fact I'd say it's already happening, with Microsoft making TPM2.0 a hard requirement for Windows. The frog is slowly being boiled.
onion2k|2 years ago
freedomben|2 years ago
N19PEDL2|2 years ago
c0l0|2 years ago
When I worked a bank at $oldjob, compliance mandated we had a full-blown anti virus engine (from Microsoft or McAfee, "at your option") deployed in quasi-ephemeral container images.
It does not have to be reasonable, it doesn't have to be a net positive - it just has to tick some box on some compliance sheet for this to be required, and I will never again be able to perform a banking transaction from my personal computer or degoogled phone again.
bongobingo1|2 years ago
https://web.archive.org/web/20230309020227/https://www.nytim...
https://www.theregister.com/2020/12/10/south_korea_activex_c... (2020)
> South Korea knew it had an ActiveX problem way back in 2015, because even then the need to use ActiveX to do business on local websites irked outsiders.
> For locals, the requirement to run the code was so annoying that getting rid of it became an election promise at the nation’s 2017 presidential election.
> That promise has now been delivered: the nation’s Ministry of Science and ICT today (2020) annnouced the service’s planned demise.
Banks might not, but the governments may come to a similar idea, and tell the banks to tell you.
reaperducer|2 years ago
They already make demands.
Two of the very large national banks I have accounts with restrict your access if you're not even using the right browser version. One puts a warning in every page. The other won't even let you log in.
To make the second one even worse, it requires a very specific version, not just > $version, so if i update my OS too quickly, it won't let me in.
bakugo|2 years ago
Knee_Pain|2 years ago
Gazoche|2 years ago
The same thing can happen on desktop. In fact I'd say it's already happening, with Microsoft making TPM2.0 a hard requirement for Windows. The frog is slowly being boiled.
account42|2 years ago