by EGreg 1368 days ago
I agree but there is an even more serious security feature almost all 2FA misses:

Telling the user what action they are authorizing by reading back the numbers.

That “bank rep” on the phone? They are probably trying to log into your account, or withdraw cash, not verify that you are the right person to send the refund back to.

It would save a lot of problems.

Also, you should be getting an alert on all your devices whenever transactions over X amount per Y time occur, and you should have an opportunity to reverse them for 24 hours (even for debit cards). Also, you should be able to make windows during which the time would be longer than 24 hours, such as a Jewish holiday or when out of range. This wouldn’t apply to recurring transactions.

Yes, that's a cool feature. The Smart-ID app used by many banks in Baltic countries as a second factor does that: it states, e.g., the payment and amount you're authorizing before you do so.
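As an added example of the property both comments describe (not code from the thread, from Smart-ID, or from any bank): the approval code is an HMAC over the exact statement the user's device displays plus a per-request nonce, so a code produced while the user was shown and agreed to one action cannot approve a different pending action, and a spent nonce cannot be reused. The device key, field names, amounts and payees below are constructed.

```python
import hashlib, hmac, secrets

# Constructed device secret; a real deployment provisions one per device at enrollment.
DEVICE_KEY = bytes.fromhex("0f" * 32)
FIELDS = ("kind", "amount", "currency", "payee")  # fixed order: device and server encode alike

def statement(action: dict) -> str:
    """The sentence the device shows (or reads aloud) before the user approves."""
    return "{kind} {amount} {currency} to {payee}".format(**action)

def approval_code(key: bytes, action: dict, nonce: str) -> str:
    """6-digit code bound to the action fields and a per-request nonce.
    Truncation follows the HOTP dynamic-truncation scheme (RFC 4226)."""
    msg = "|".join([action[f] for f in FIELDS] + [nonce]).encode()
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    val = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{val % 1_000_000:06d}"

class Bank:
    """Server side: remembers the exact action awaiting approval under each nonce."""
    def __init__(self, key: bytes):
        self.key, self.pending = key, {}

    def request(self, action: dict) -> str:
        nonce = secrets.token_hex(8)
        self.pending[nonce] = dict(action)
        return nonce

    def approve(self, nonce: str, code: str) -> bool:
        action = self.pending.pop(nonce, None)  # one-shot: a nonce cannot be replayed
        if action is None:
            return False
        return hmac.compare_digest(code, approval_code(self.key, action, nonce))

def device_confirm(key: bytes, shown: dict, nonce: str) -> str:
    """User's device: the code covers exactly the statement the user was shown."""
    return approval_code(key, shown, nonce)

def demo():
    bank = Bank(DEVICE_KEY)
    refund = {"kind": "refund", "amount": "50.00", "currency": "EUR", "payee": "ACME Ltd"}
    withdrawal = {"kind": "withdraw", "amount": "500.00", "currency": "EUR", "payee": "cash"}
    # A pending withdrawal is not approved by a code the user generated while
    # being shown a refund: the code is bound to the displayed action.
    n1 = bank.request(withdrawal)
    mismatch = bank.approve(n1, device_confirm(DEVICE_KEY, refund, n1))
    # When the device statement matches the pending action, the code validates
    # exactly once; the second attempt with the same nonce is rejected.
    n2 = bank.request(refund)
    code = device_confirm(DEVICE_KEY, refund, n2)
    return mismatch, bank.approve(n2, code), bank.approve(n2, code)
```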