
Well then you're up against the wall of digital verification.

I know there's a fuck load of situations where the banks are 100% screwing the customer to their benefit, but there's a legit conversation about people who give out their passwords, or claim they did, when money gets wiped out.

If you meet all the requirements to identify yourself to the bank, at what point does the bank have to say "this is that person, and that transaction is legal".

Now granted:

1. With passkeys and biometrics and 2FA we've got a lot of better ways to make these accounts secure, and hopefully more idiot proof. I'm hoping we start getting rid of email/phone for 2FA as a valid option though.

2. The moment the police are treating it as an identity theft case, the bank should be required to pony up. I don't know if that's the case (and wouldn't be surprised if they fight it tooth and nail), but at that point you have a state or federal entity acknowledging this is not a legit transaction, and therefore you should be compensated by the bank, and they can get their money back from the insurance companies that insure against this kind of thing.




> If you meet all the requirements to identify yourself to the bank, at what point does the bank have to say "this is that person, and that transaction is legal".

Our current system is entirely built on ridiculous levels of trust, mostly for convenience / cost saving reasons. I've made payments over the phone with nothing more than the information found on the bottom of every check I've ever sent. I routinely hand my credit card to waitstaff making 7.25 an hour and in that moment I'm handing every last one of them the ability to snap a photo of my card on their phones and go on a shopping spree at my expense.

As insane as our system is, it's mostly worked. Even though I've been made to pass around my account info countless times, I've never once had my accounts cleaned out. If a single mother with less than 1k in her account gets robbed, I have a hard time blaming her. She had zero say in the design of this system, and she's the person least able to deal with the cost of the consequences of it.

On the other hand, I have very little problem putting the blame on the banks which do control much of the system and who can more than afford to cover the costs of such incidents. This puts a small amount of financial pressure on them to improve the systems they've created and forced the rest of us to use in order to participate in society.

There are all kinds of things they could be doing to reduce fraud, but they don't. Mostly for convenience / cost saving reasons. I consider their refusal to take even simple steps to improve the security of their systems as their implied consent to continue accepting the responsibility for the still rare instances where criminals take advantage of their inaction.


Is that "ridiculous" as in excessively stringent or weak? Because that phrase can be read either way. From the examples you give I'm presuming the latter.

Note that payments or deposits to a given account require little authentication over the destination though more for the payee. I've long been amused by US banks which require me to authenticate to an ATM to make a payment but will accept cheques dumped into a deposit slot.

I agree that the system mostly works, but fraud costs are in the billions, and that's U.S. credit cards alone:

"As Nationwide Fraud Losses Top $10 Billion in 2023, FTC Steps Up Efforts to Protect the Public" (2024) <https://www.ftc.gov/news-events/news/press-releases/2024/02/...>

The denominator is roughly $4 trillion, so it's a 0.25% fraud rate:

"The Average Number of Credit Card Transactions Per Day & Year" <https://www.cardrates.com/advice/number-of-credit-card-trans...>


IME the system uses increasing authentication rigidity as payment sum grows.


> Our current system is entirely built on ridiculous levels of trust, mostly for convenience / cost saving reasons.

Paging patio11: https://www.bitsaboutmoney.com/archive/optimal-amount-of-fra...


Financial transactions are premised on 1) the ability to detect fraudulent activity in realtime --- rather than solidly establish identity, payment processors are looking for indicators of fraud, and 2) reversibility of transactions --- if fraud does occur, funds can be clawed back, usually with the vendor holding the bag / taking the hit, rather than either the bank or account-holder.


The Google Authenticator app (just as a mainstream example) was released 14 years ago. When we're still waiting for a lot of banks to even support TOTP, consider me unimpressed with the level of effort banks are putting into securing my accounts.


Good news loyal customer, we now support 2-factor authentication!

... over SMS!


I had my phone number stolen (SIM swap) two months ago and am still dealing with random things.

2FA over SMS is not a valid form of 2FA and I will die on that hill.


I keep telling my bank this but they simply do not care.


>Well then you're up against the wall of digital verification.

That's the whole point: they should use a standardized authentication process. The problem is that they don't use any authentication at all. They just give money away because they can extort it back from an unsuspecting victim like some gangsters.


How do you feel about the recent case where a caretaker for a disabled person, who was given permission and access to use the person's cards, banking app, etc., ended up stealing from the person? The bank's response - they had given the caretaker access so it was their fault.

Even if you have all the passwords and bioinformatics, passkeys, 2FA, etc - how can you prevent theft like this?


Just because the bank didn't reverse the transaction doesn't mean the disabled person can't sue the caretaker and doesn't mean a prosecutor can't charge the caretaker.


Doesn’t mean the victimized party is super unlikely to get their money back, and any they do get will be months or years after the fact


Banks should get insurance to cover their negligence. They weren't careful.


See how credit cards work (at least where I have lived). Someone fraudulently cloned my card after a petrol station visit and I got it fixed as soon as I noticed the weird transactions. The bank or VISA footed that cost. UK has statutory law on this. Probably because of how CCs used to work with that carbon copy crap.


In the US, merchants are the ones footing that cost, either in merchant fees (which they then pass on to the customer in the form of higher prices) or directly (by the credit card company refusing to pay the merchant).

It might be different now, but in the late 90s I sold some laptops to a buyer using a stolen credit card. The cardholders had no fraud liability but my company ended up having to eat the cost of the stolen laptops. The credit card company simply didn't pay the amount of the fraud in their settlement with us.



