PSD2 in europe a bad thing


#1

In europe from september if you wanna use your prepaid bank card you have to use android or ios.
Thats because all bank will use a kind of secure mode with their own apps, i’ve asked to all bank i know and they all will do that.

Any one tried anbox or do have any idea to deal with that with librem5?


#2

I never used banking apps on the phone. The phone is my second factor.


#3

“while still having your money safely placed in your current bank account.”
What money? Our fiat currency is a scam based on debt. It is a huge pyramid scheme and there is no money.


#4

:rofl: spoiler alert !


#5

Please don’t go offtopic, this is not about a choice but they will force us to use their app to make online purchase, and ofc their app are available for ios and android only, that’s mean if you wanna buy online you must use ios or android


#6

This is a genuine problem, not just for payment but also for interacting with government. Rome wasn’t built in a day.


#7

As far as i know, in order to pay using a prepaid card, the bank must still provide a way to receive one-time tokens without the need for a smartphone (usually this is accomplished by an SMS message).


#8

SMS is now considered unsecure and will be dropped in few month.
It will be mandatory to use the Android or iOS application for 2 factors authentication.


#9

I don’t think this is true. It has been debated and I think the current interpretationis, at least by some nations, that SMS to a mobile phone fulfils the category “something only the user has”.

All in all, I think PSD2 is a good step and enhances consumer rights. It levels the playing field opening up payment and banking for more innovation (and foss?). It will probably do the opposite OP is referring to in the long run, even though we might suffer in the short.


#10

SMS (mtan) will be dropped in the future in the EU. In the meantime more and more banks charge the sending of SMS (up to 19cent/sms).
They will force us to use an app on a smartphone, and the app is only offered for ios and android. And this is my real concern with the librem5.
We will always have to take another ios/android phone along, just to do online banking and the like (and most banking apps require up-to-date android)…
…unless there is a third-party service provider who offers a way for linux-users to do this.
The only good thing I may see in PSD2 is that banks are obligated to provide their customers’ accounts through open APIs.


#11

So the banks will force you to have a smartphone? I’m not sure. I always use my bank card (or better, real money) to pay stuff. I have nothing about my bank on my phone (I don’t trust my actual Android phone). I use my Linux personal computer to interact with my bank on their web site.

Personally, I don’t need any Bank application on my phone.


#12

I do all my bank transfers by telefonbanking. You call a tall free number and have a voice menu system to be managed by dedicated words like Überweisung (German for money transfer) and dialpad numbers for account numbers or money values. It‘s protected by knowing your account number and a 6 digit PIN. As a last resort you can ask for a human operator (who asks for your passphrase). There is a daily limit of 1500 euro to transfer away to another account, for more you must ask the operator to upper the limit for one transfer. This all ist fast and secure, at least better than any iOS or Android app from a device which backdoors etc. you dont have fully control over.


#13

No, but many services available today will no longer be available without an Android or iOS smartphone (those that now require a code sent by sms).


#14

For this you will need in the EU (from 2019-09-14 onwards) a smartphone with app or a photo-tan-generator (devices from 30€ to 50€) in order to interact with your bank/online-banking.

[To pay stuff you can of course use your bank card - I only referred to online-banking]


#15

That’s interesting, any source where i could read about it? I had no idea


#16

I haven’t a good source in english for that.

Search for “end of OTP sms” (One Time Password) and “eIDAS”.


#17

[Trigger warning: redundant acronym RAS syndrome.]

This is known as the requirement for Strong Customer Authentication (SCA) for online card payments of the PSD2 directive. In the UK, my bank is offering three options for SCA authentication: SMS messaging service verification codes, a smartphone app and a stand-alone card reader that generates one-time codes using the chip in the payment card and the user’s PIN number. The card readers have been around for years as a way to authenticate with online banking services, but not all banks issue them. They look a bit like pocket calculators and run off a coin cell. Do banks in other countries offer card readers?

Other authentication methods offered by UK banks include telephone call to a registered number, and there seem to be murmurs about using email instead of SMS. Even the requirement to use any kind of mobile phone for authentication has resulted in complaints from the public, either because people don’t have any mobile phone at all, or because they live somewhere where there is no phone signal. There has been discussion of it on the BBC Radio 4 personal finance programme “Money Box”. People have also pointed out that SMS is not a secure authentication method.


#18

in brazil, once i just used firefo xin windows and now i need some plug in.
now, i use PureOS in a VM and allfine. for now.

in ATMs,only cell or Hand.

https://banco.bradesco/html/classic/index.shtm