undefined | Better HN

0 pointsrandom4215y ago0 comments

> because they can now wash their hands off the matter ("hey only the customer knew the second password... he must have been careless with it, not us")

Seems pretty valid argument to me.

0 comments

2 comments · 1 top-level

roel_v15y ago· 1 in thread

Rather than downvote it's easy to factually counter your argument: it's not because e.g. keyloggers or mitm attacks can compromise the account. Then afterward, the 2-factor auth is used against the customer as a smokescreen - basically banks say 'oh but we've got this very secure system, it can't be cracked'. Then you have to get into a very technical argument with the bank, which is either hard to win (because only 1 person involved understands, deliberate or not) or impossible (because most customers don't understand the details, and we can't expect them to).

This is not a hypothetical situation - this already happens in Western Europe! It's hard to hold banks or merchants responsible for fraud. Now they shouldn't always be held responsible, that's the first issue; but even in cases where they are (like when they guaranteed upfront that they'd take the risk of fraud, as they used to do in the early days of online banking/payment) their first line of defense will be vague 'our technology is tamper proof' arguments. Many consumer association websites are full of stories about this.

random42OP15y ago

Thanks for not downvoting (and explanation). I certainly wasn't trolling with my comment.

j / k navigate · click thread line to collapse