[Am4TIfIsER0ppos]

The government can always make it worse. The EU removed my prepaid card simply because I refused to get a phone for it which was expected to receive some sort of permission for each transaction.

[hocuspocus]

SCA is a big improvement for most people.

Some card issuers don't require it done via a phone if that's important for you.

[culturestate]

> Some card issuers don't require it done via a phone

And some (looking at you, DBS) toggle seemingly at random between requiring it via SMS or via their mobile app.

[hocuspocus]

I meant neither by phone (SMS tokens don't meet the DSP2 requirements) nor a mobile app.

The card issuer can send you a one time link to a web portal by email or using an iframe, where you log in and confirm the transaction.

[culturestate]

Interesting. I've had cards with email confirmation flows (AmEx) but they send an OTP, not a link. I don't think I've seen what you're describing.

[rwmj]

For most, but not anyone like us who has no mobile reception.

[hocuspocus]

You don't need mobile reception with modern SCA.

Presumably if you're initiating an online purchase, you have access to WiFi?

[rwmj]

Depends on the bank ("acquirer"?) involved but some definitely need mobile. Paypal is one, so is my pension company.