Let’s use this topic to talk about the security of banks and financial services.
Logging the Mrs into Chase on her new phone and they want a pic of her passport and a video of her.
What the actual F??? If I’m bothered to log back in, it’ll genuinely be to just transfer out the cash and close the stupid account.
What a faff.
Monzo ask for a video. Think Starling also do.
The ID part is frustrating yes but I guess it’s all for protection.
Indeed. Revolut, Monzo, Starling all also asked for photo/video so maybe they’re all levels of annoying.
Feels like bullshit security theatre to me. Call me old-fashioned but give me a strong password and TOTP any day of the week.
She is on Android if I recall?
I actually do wonder if the iPhone’s ability to detect it’s a face or a photo better than most phones means iPhone doesn’t need a video, but Chase could have changed it after having faking issues with photos.
Tom, did you have to use a video when you got your new iPhone?
If you saw the number of account takeovers this stops, you wouldn’t think it’s theatre.
I suppose in theory the 2 factors can both be stolen. Your face can’t*
*except in some movies
Someone would desperately want my hundreds to do that
Probably cost them more than what they would gain access to
I do not see passkeys as the grand be-all and end-all; they are good and an improvement, but that’s it.
The IR scanner on the iPhone would massively hinder that with deepfake videos, given you can’t just submit it to the camera.
I 100% see why banks need video now and why it’s an improvement over the photos approach with the ease that people can get photos from social media. I think you could maybe get away with a photo on the iPhone if the dev uses the IR scanner to try and ensure it’s not a photo though.
As much as video is a bit of a PITA for people, it’s hopefully something needing to be done rarely.
I can handle FIDO keys and all the extra stuff but my folks 100% couldn’t; in fact a lot of people I know can’t handle TOTP as a system. Google and MS have made it easier with the push notifications at least to confirm.
What happened at Starling, must have missed that?
Unpaywalled: https://archive.is/JfFk4
I will reply better later. Just having scran
The face is the one thing that fraudsters can’t easily steal from you - nearly every other form of 2FA is liable to be breached either through social engineers or by phishing.
The key difference is the ability to ask people to say a unique phrase to ensure that it is live - which isn’t an option for a photo.
Clearly a man who’s never seen Face/Off
I mean I’d defend the easily part of my statement, even when faced with Nick Travolta and John Cage.
Not gonna give the Telegraph my money, but one-click Apple Pay instead of a sign up page is a fun little time saver.
I guess the ‘nearly’ part goes to hardware keys, which have become so easy to use it’s a bit baffling banks still aren’t using them. The only barrier is buying one; in the interest of security, surely banks would want to absorb the initial cost and offer one to each customer, if it would save money from customers being phished, vished etc.