by bubblethink 1715 days ago
Does nobody in the EU do computers? How do they pass asinine laws like this? I mean, from the outside, it always appears as though the EU is much better than the US when it comes to consumer rights, but it always feels like they don't have a very good grip on technology.
3 comments

Where I live, the authentication systems implemented by banks are also used for verifying user identity to various other services, including governmental ones.

Basically, there's a common (government-backed) user identification system which hooks up to interfaces that banks provide. When you're logging in to an online service that requires strict identification of the user (such as ones that would require an official ID document if done in person), you first pick the bank you're using, and the service forwards you to the bank's website. Once you log in with your bank credentials, the original requesting website gets informed that you've provided valid login information, and the identity that the login matches with.

I don't know the exact technical details of how that works, but essentially the bank also acts as a user identification service for various official and governmental online services. It's treated as similar to proving your identity with a document, or to signing a document with your signature.

I don't know if this is a common thing in other European countries, but if it is, that might be a reason why the EU has an interest in enforcing 2FA.

You're not strictly required to use a smartphone, as at least my bank has other means of 2FA that satisfy the regulatory requirements, but they are more cumbersome.

> Where I live

Do you live in Denmark perchance?

> I don't know if this is a common thing in other European countries

There is a similar system implemented in Poland and it works very well.

I don't think this was driven by law, but by an appropriate wish to increase transaction security (you really shouldn't use SMS for this anymore).

There are some rules here that are nonsense, such as know-your-customer laws that force me to enter my home address even when the product or service (say, a concert or train ticket) is delivered to me entirely electronically.

Most of the move to purely electronic payment is driven by the market and the large banks; e.g. in the Netherlands we actually never had laws that force shops to accept cash as payment.

I agree that you shouldn't use SMS. My point was that unless the law (if there is one) requires that 2FA be enabled in an accessible way, the banks will do their own thing with the phone push notification system. The 2FA situation is quite bad in the US too, but a small number of banks do offer TOTP.

This whole situation caused me to throw up my hands in Thailand and now I pay for most everything in cash since it's still a cash-friendly nation.

It's hard to explain but Poland got hooked on mobile payments/banking, the adoption is very high and one of the major players is homegrown.

Btw, I live in Poland, and I use my banking app for internet payments and NFC payments using Pixel with CalyxOS.

So it's possible to do that with some of the banking apps.