[astrange]

That is probably true because phones are less susceptible to keyloggers or evil browser extensions, but "security standards" have approximately nothing to do with it beyond "using HTTPS".

The security model for US banks is that it's illegal to do crimes to people's bank accounts. It doesn't involve "super secure apps", bank account numbers and credit card numbers are super insecure and there is little reason you should care about this insofar as you're not liable for leaking them.

[cameronh90]

The difference is that with an app, the server can ensure it's running on a safe non-compromised/jailbroken device using remote attestation (Play Integrity, App Attest).

With a web browser, there's no way of doing that by design as the user has full control over their user agent, so you need to trust the end user is following good security practices and hasn't allowed their user agent to become compromised.

However, in the EU, banks are legally liable for financial loss caused by unauthorised transfers, so they are increasingly not willing to trust that the user hasn't just loaded their browser up with malicious extensions and malware.

[pc86]

This might be true for credit cards but for the vast majority of people, even completely irrespective of income, getting your checking account number leaked to a nefarious party can absolutely cause you a hell of a lot of trouble.

Credit cards will give you the benefit of the doubt with a credit while they investigate. Banks (and credit unions) are going to be VERY hesitant to give you a 5-figure advance into a new checking out while they investigate how your account got drained when it initially looks like you did it. Even the most pro-customer policies practicable won't help when now all your automatic payments start failing. It's certainly a recipe for ruining your week and you'll likely spend the next month or two dealing with the fallout, and that's assuming you don't face crippling financial penalties because of it, which the majority of Americans would.

[ChrisMarshallNY]

> as you're not liable for leaking them.

But it's fun when you get your checking account drained, and it takes weeks to get it back.

I've seen that happen to a couple of folks.

That's also why I don't like to link my account to sites like PayPal and Venmo.