Serious Discussion One more reason for logging-in to my bank account using only PC

Parkinsond

 
Its solution is for me to remove Bitwarden.
Its solution for him is to remove possibly fake Bitwarden.
I would let him use it, if he signs that bank has no liability.
So if he gets hacked or his card stolen, he will be on his own.

I have learnt not to argue with unreasonable people, pointless.
My bank apps do not let me use screenshot, am I mad, no, glad.
 
Could be considered "privacy" invasion by HSBC app?
 
Fun fact: two weeks ago Croatian bank Erste banka (part of Erste Group) was fined 1,5 million € for collecting names of installed apps on phones of their customers through their mobile app. Very much illegal in the EU.

 
The banks were doing this to prevent fraud by creating a fingerprint. To be honest, it's ridiculous because the bank will scan the device for integrity checks anyway, looking for scans for specific malware signatures or "root" flags and sends a simple "Yes/No" (Pass/Fail) verdict to the bank’s server.

Since users are usually the issue the bank is forced into using preventative measures. If a person does not consent to this, I would suggest walking their lazy butt into a bank for transactions.

Fining the bank for being creative protecting its clients is not a fun fact, it's ridiculous and cost the bank and its customers.
 
 
Honestly this level of awareness and caution is welcome. And so the banks should be scolded over hot coals for their behavior, they have allowed scammers to use the banking system to rip off grannies, retirees, pensioners and hard working people. Education is again key, teach and educate your family and parents about scams but when I nearly get caught out due to a really good scam effort it makes you wonder what non MT members of society face in fighting scams and hackers.
 
This precaution applies to phone app, what if using W PC to access the bank account?
 
Fraud has shifted to mobile, with credit cards attached to wallets it's easier to commit fraud with a hacked/stolen phone.

W PC there is not much you can do, it's up to banks to protect customers and governments to enforce laws to protect consumers.

Always use your credit card, they will refund any money stolen or fraud in 99% of cases. Bank debit account is different, and sending large sums you need to call/check.

In part it's human greed, when you get scam calls/messages offering 1000% return/interest and people fall for it and hand over hundreds of thousands of dollars.

In part I agree with banks not returning money in these cases, because people should know better than to transfer huge amounts of money to random text/calls.
 
I'm oldschool cash-man
 
This user is a mow ron.


Fent Flip is a mow ron.

2003 the UK Supreme Court ruled that banks are not universally responsible nor liable for a customer that was tricked into authorizing a payment.

The ruling states that "If the person authorized the payment, then the bank is not liable."

Full Stop.

In 2024 the UK Payment Systems Regulator (not the UK legal system itself) imposed new rules that require banks to reimburse victims of APP scams up to 85,000 Pounds Sterling per incident - BUT DOES NOT INCLUDE USER GROSS NEGLIGENCE, INTERNATIONAL TRANSFERS, and MOST SMALL BUSINESS PAYMENTS.

User gross negligence includes not using passwords and password storage that meet widely accepted best security practices, amongst many other things that consumers are notorious for not doing. So in many cases, the bank will perform the reimbursement but then later be able to reverse it and hold the user accountable for the entire amount due to gross negligence. However, these are not defined within the UK PSR. They are defined elsewhere, including the terms of service and agreements with the bank.

In any case, the UK PSR made banks the APP POLICE on any digital device used to conduct transactions connected to accounts at those banks.

The banks have a duty to delay payments for 72 hours when and where they deem fit to prevent fraud.

The banks can close anyone's or any business account for any reason if the bank determines that the user/business is grossly negligent or even less. So there will never be any consumer or business reimbursed for millions of UK Pounds Sterling for repeatedly "falling victim" to APP scams.

PS - There are already APP scams intended to take advantage of this ridiculous immediate-reimbursement APP scam regulation that banks must adhere to. The cybercriminals are using already stolen money, fall victim, get reimbursed, and then in instances they do receive goods and services.

The banks have a duty to protect consumers and businesses - which means if you install the bank app - then the bank has the right to perform security checks on the device and impose whatever else the banks deem fit to ensure it meets their duty under the regulations to prevent fraud.

The EU is generally stupid as far as its regulations. UK PSR is trying to be like the EU but is equally, even arguably more, stupid.
 
Well, I am not really sure why someone would wanna do their banking when they have installed what I am assuming, an app using a service (with “draw over other apps” permission which for Bitwarden would be essential).

It is common sense that this app needs to be installed via the Play Store (not that both Play Store and Galaxy Store aren’t notorious for hosting malware and spyware).
The Play Store typically uses static analysis and heuristics, manual analysis is rarely a thing.

The HSBC app is using a simple heuristic (if origin is not com.android.vending and app uses certain permissions, jump to <this> logic).
Any app that fits these criteria will be suggested for removal.

The origin btw is spoofable as well.

Android has built-in password management, not sure what Bitwarden can offer that is not already included.
 
It's possible that the OP had accessibility enabled in Bitwarden to help with autofilling. If they turn it off (at least temporarily), the bank app may allow them to continue.
They would need to revoke the “draw over other apps” permission and then it probably will stop, though the app may be scanning all apps' manifests and the mere request for this permission may still cause the block. Not sure how deep they go in their checks and scans.
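
The heuristic discussed in the posts above, modelled as an added example that is not part of any post and is not HSBC's code: an app is flagged when its installer is not `com.android.vending` and it holds the overlay permission or has an accessibility service enabled, with a switch for whether a merely declared permission counts. The `App` record, the package names and the `strict` switch are hypothetical, and the inventory is constructed.

```python
from dataclasses import dataclass, replace
from typing import Optional

PLAY_STORE = "com.android.vending"  # installer id quoted in the thread
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"  # "draw over other apps"

@dataclass
class App:
    package: str
    installer: Optional[str]  # None = sideloaded; self-reported, so spoofable
    requested: frozenset = frozenset()  # declared in the manifest
    granted: frozenset = frozenset()    # actually granted by the user
    accessibility_on: bool = False

def flag(app, strict):
    """Return the reasons an app trips the heuristic (empty list = pass).

    strict=True:  a permission merely declared in the manifest counts.
    strict=False: only a permission the user has granted counts.
    """
    if app.installer == PLAY_STORE:
        return []  # store origin short-circuits every other check
    perms = app.requested if strict else app.granted
    reasons = []
    if OVERLAY in perms:
        reasons.append("overlay")
    if app.accessibility_on:
        reasons.append("accessibility")
    return reasons

def revoke_overlay(app):
    """The user-side fix suggested above: revoke overlay, disable accessibility."""
    return replace(app, granted=app.granted - {OVERLAY}, accessibility_on=False)

def verdict(apps, strict):
    """Evaluate locally; only a pass/fail boolean leaves, never app names."""
    return not any(flag(a, strict) for a in apps)

# Constructed inventory with hypothetical package names (not real scan data).
SAMPLE = [
    App("com.example.pwmanager", None, frozenset({OVERLAY}),
        frozenset({OVERLAY}), accessibility_on=True),   # sideloaded manager
    App("com.example.notes", PLAY_STORE, frozenset({OVERLAY}),
        frozenset({OVERLAY})),                          # same permission, store install
    App("com.example.game", None),                      # sideloaded, no risky perms
]
```

With `strict=False` the sideloaded manager passes once the permission is revoked; with `strict=True` it stays flagged because the manifest still declares it, which is the uncertainty raised in the last post above.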
 
The HSBC app is using a simple heuristic
I have doubts it is using any heuristic; if using, it can find the app fine, even if not installed from the store; not all standalone apk is malicious.
What makes sense more, it is checking some metadata related to Google store, which gets added upon install from there.
 
It's possible that the OP had accessibility enabled in Bitwarden to help with autofilling. If they turn it off (at least temporarily), the bank app may allow them to continue.
They would need to revoke the “draw over other apps” permission and then it probably will stop, though the app may be scanning all apps manifests and the mere request for this permission may still cause the block. Not sure how deep they go in their checks and scans.
Does not matter. The 2024 UK PSR made banks the APP POLICE on any digital device from which transactions are performed that are connected to an account at said banks.

If the UK tells banks that they cannot be the APP POLICE because it violates user rights but the PSR says they must be the APP POLICE, then it is a certainty that banks will stop offering any bank apps within the UK - or - much more probable will be that they will merely raise charges and fees significantly to cover their losses under this ridiculous regulation.

So, in short, the banks will cover their losses via crowdsourcing via fees & charges. All of us cover the banks' losses because some users get fooled.

Every regulation that intends to fix a problem only increases costs to the masses, because that is far, far cheaper to society than the society actually requiring people to be educated and secure.