
    3 Comments

    1. I hate it, but unfortunately it makes sense.
      People enter their private data (including LuxTrust credentials) on shady sites. Criminals could call them, and tell them a story why they need to confirm the push notification NOW („your account is compromised, you need to confirm so we can block your cards“ or stuff like that). Under stress, people believe pretty much everything.
      After this change, this phishing method is no longer possible because you have to physically sit in front of the screen that you are trying to log in to. For now at least, those people are protected, until some criminal group finds a way around.
      But like I said, I hate it and I’m considering opening an account at an online bank just because of this. The user experience is just horrible and could be much better if they work with actual UI designers and don’t let developers dictate how something has to work.

    2. At first I was annoyed by the change. But it seems one step safer overall. 

      I’m not versed in cyber-security. I wonder if the added scanning of a QR code to retrieve the LuxTrust challenge, instead of the push notification, reduces the risk of some attacks.

      I’m vaguely aware of SIM swapping and man-in-the-middle attacks. Those are attacks where you would not even be able to prove that you didn’t authorize a transaction, because it is your phone number that shows up officially. 

      So yeah, hopefully it is safer.

    3. DryVermicello

      In Belgium, ItsMe is somewhat similar to Luxtrust.

      Almost all Belgian banks have already stopped supporting push notifications. It’s not „random“. It’s not BCEE specific. It’s on purpose.
      [https://support.itsme-id.com/hc/en-us/articles/35105282664855-Why-can-t-I-enter-my-phone-number-anymore-when-logging-in](https://support.itsme-id.com/hc/en-us/articles/35105282664855-Why-can-t-I-enter-my-phone-number-anymore-when-logging-in)

      With push notifications, it’s super easy to initiate the transaction, and then get/trick the approver elsewhere to approve the transaction.

      If the approver does a good job, they check what they are approving. And the scenario can be convenient between trusted persons. But it’s easily abused by bad actors.

      I have a close relative, close to 80, reasonably smart and knowledgeable, who recently got scammed. Not by this very trick, but just to show that they are not protecting against theoretical issues; there are very real scams. (And sure, I guess soon the scammers will send a complementary message with a link that displays the QR code… but that makes the scam a bit more costly and a bit less convenient for the scammer.)
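The difference the three commenters are describing, between an approval that is keyed only to the user's account (push) and one that is bound to the specific login screen the user is looking at (scanned QR challenge), can be shown in a small model. The code below is an added illustration, not code from the commenters, BCEE, LuxTrust or itsme; the class names, the `CHALLENGE_TTL` value, the HMAC-over-session-and-challenge construction and the "victim"/"attacker" labels are all assumptions made for the demonstration.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

CHALLENGE_TTL = 120  # seconds a displayed challenge stays valid (assumed value)


@dataclass
class LoginSession:
    session_id: str
    user: str
    challenge: str           # nonce shown on the login screen (as a QR code)
    created: float
    approved: bool = False


class PushApprovalServer:
    """Push model: approval is keyed by user account only. Whoever has a
    pending login for that account benefits from any 'approve' tap."""

    def __init__(self):
        self.pending = {}

    def start_login(self, user):
        s = LoginSession(secrets.token_hex(8), user, "", time.time())
        self.pending[s.session_id] = s
        return s.session_id

    def approve(self, user):
        # The app has no link to the screen that started the login, so it
        # approves the oldest pending session for this user, whoever opened it.
        for s in self.pending.values():
            if s.user == user and not s.approved:
                s.approved = True
                return True
        return False

    def is_approved(self, session_id):
        return self.pending[session_id].approved


class ChallengeApprovalServer:
    """QR model: the login screen shows a per-session challenge. The device can
    only answer a challenge it has scanned, and the answer is bound to that
    session with the enrolled device key (assumed construction)."""

    def __init__(self):
        self.pending = {}
        self.device_keys = {}    # user -> enrolled device key

    def enroll_device(self, user):
        self.device_keys[user] = secrets.token_bytes(32)
        return self.device_keys[user]

    def start_login(self, user):
        s = LoginSession(secrets.token_hex(8), user, secrets.token_hex(16), time.time())
        self.pending[s.session_id] = s
        return s.session_id, s.challenge      # this pair is what the QR code encodes

    def approve(self, user, session_id, response):
        s = self.pending.get(session_id)
        if s is None or s.user != user or s.approved:
            return False
        if time.time() - s.created > CHALLENGE_TTL:   # stale QR, refuse
            return False
        expected = device_sign(self.device_keys[user], session_id, s.challenge)
        if not hmac.compare_digest(expected, response):
            return False
        s.approved = True                     # single use: marked approved once
        return True

    def is_approved(self, session_id):
        return self.pending[session_id].approved


def device_sign(key, session_id, challenge):
    """What the authenticator app computes after scanning the QR code."""
    return hmac.new(key, f"{session_id}:{challenge}".encode(), hashlib.sha256).hexdigest()


def push_scenario():
    """Constructed scenario: someone else starts a login as the victim; the
    victim, talked into it over the phone, taps approve. Returns whether the
    foreign session got in."""
    srv = PushApprovalServer()
    attacker_session = srv.start_login("victim")
    srv.approve("victim")                     # victim taps the push prompt
    return srv.is_approved(attacker_session)  # True: push model is defeated


def qr_scenario():
    """Same trick against the QR model. The victim's app can only sign a
    challenge it scanned, and the foreign screen is not in front of the victim."""
    srv = ChallengeApprovalServer()
    key = srv.enroll_device("victim")
    attacker_session, attacker_challenge = srv.start_login("victim")

    # 1. Victim taps 'approve' with no QR in front of them: nothing to sign.
    blind_tap = srv.approve("victim", attacker_session, "")
    # 2. Victim scans the QR of their own genuine login; that answer is
    #    bound to their session and cannot approve the foreign one.
    own_session, own_challenge = srv.start_login("victim")
    own_ok = srv.approve("victim", own_session, device_sign(key, own_session, own_challenge))
    replayed = srv.approve("victim", attacker_session, device_sign(key, own_session, own_challenge))
    # 3. The foreign party knows its own challenge but has no enrolled device key.
    forged = srv.approve("victim", attacker_session,
                         hashlib.sha256(attacker_challenge.encode()).hexdigest())
    return {"blind_tap": blind_tap, "own_login": own_ok, "replayed": replayed,
            "forged": forged, "attacker_in": srv.is_approved(attacker_session)}
```

The model also makes the residual risk the third comment names visible: binding the approval to a scanned challenge does nothing if the victim is sent the foreign screen's QR code and scans it. The usual mitigation for that case, not modelled here, is for the app to display the login context (origin, time, what is being approved) before it signs, so the scan itself becomes the "check what you are approving" step.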
