Hacker News new | ask | show | jobs
by fallingknife 526 days ago
Insured against what? (The bank is already liable if the account is breached). These scam transfers are intentional acts authorized by the account holders. A company can't be held liable for the stupidity of its customers.
1 comments
jopsen 526 days ago
Banks should be liable, there is often insufficient ways to validate who you're transferring money to.

Sometimes the bank interface will tell you name and address, after you type in numbers, but who validates this?

My bank (in Denmark) sometimes sends me emails from an domain that isn't their primary domain.

The bank uses a login system that is provided by the state. In theory it's a good idea, but you sign-in on domains that are not owned identity authority. Like I sign-in on the bank website, instead of sign-in by redirecting from the bank to a trusted domain owned by the identity authority (how like OIDC flows usually work).

Sure the login flow still involves an app, but my point is:

There is a lot of bad practices around. These should incur liability.

Just start looking at what domains emails are sent from. And complain if they are not the primary domain of the entity contacting you, you'll get tired real soon.

link
fallingknife 526 days ago
I agree, and in the US banks are already liable if an unauthorized person gains access to your funds. But what I'm saying is that most of the scams that OP is talking about just aren't done that way. It's just a scammer that tricks them into sending money.

It's just old fashioned con man stuff but over email or phone. And of you're dumb enough to believe that the only way the IRS (US tax agency) is willing to accept payment is by Visa gift card (and yes this is actually a common scam here) it's just not your bank's problem.

link
jopsen 523 days ago
Lots of government websites are extremely sketchy and redirect you to a sketchy payment gateway, often the payment gateway is on some weird domain.

If I make a payment using my visa card, how is it that I'm not just redirected to visa.com, and that's the only place I enter card credentials? Like how OpenID works.

I'm sure there are reasons, probably legacy reasons :)

But it's still weird that payment uses a third-party domain I can't verify. Often called something sketchy.

link
jopsen 523 days ago
To be clear the EU did a lot with 2FA requirements for online payments.
link
TheSpiceIsLife 526 days ago
Public awareness campaigns on the level of anti drink drive ads from the 90s.

Pay your taxes by Visa gift card. Then you’re a blood idiot.

https://youtu.be/RmhgGm4joEQ?si=bJzbF8Gnz-G5Nt6b

link
tsimionescu 525 days ago
This is all irrelevant.

The way these scams work is to get someone to intentionally send money, usually through gift cards or wire transfer to an account.

Some of the common schemes are to pretend these are taxes that they didn't pay ("you owe the IRS a huge amount, send this money and all the penalties won't be applied immediately"), sometimes it's urgent money needed for a loved one (a common one is "your son/daughter just hit someone with their car, send money to this lawyer to try and save them from prison"), sometimes it's promises of future riches (such as the infamous Nigerian Prince who will send his fortune to you if only you send a little money first).

link