[pancrufty]

Having seen many of these systems myself, I doubt they’re “almost as good in features.”

My European bank (one of the largest in my country) doesn’t accept passwords longer than 8 characters. Imagine how bad the rest of the systems is.

[candiodari]

If you're working with COBOL records then changing the number of characters of any field, or adding or removing a field is pretty much impossible.

Which leads to funny questions at development time like "how many characters do we reserve in the customer record for the third child of the second wife of customer X, when they're remarried, this third child is not a child of the customer but there does exist an alimentation 'agreement' between the customer and their third wife". You must make this decision knowing that whatever your answer ... it can never be changed again.

>500kb per record. And, of course, mostly it just has first and last name, address, birthdate and balance, nothing else.

Makes the web look efficient.

[01acheru]

Well... yeah, but no one on their sane mind would build the backend of a mobile app or of a web app in COBOL.

Of course you can have all your COBOL and your mainframes down below rolling and churning like it's 1975, but the authentication of an app is layers up above in a totally distinct system. Or this or you're crazy.

[stefan_]

You will find there is often a big difference between logging into the account and making any change or transaction. Getting the password right might give you account details and some basic transaction history, but it won't allow you to transfer money without 2FA.

[pancrufty]

True, but you assume 2FA is implemented correctly and doesn’t have a bypass. What I’m saying is that they’re often poor at what they do, so I don’t put excessive trust in them.