[jopsen]

Banks should be liable, there is often insufficient ways to validate who you're transferring money to.

Sometimes the bank interface will tell you name and address, after you type in numbers, but who validates this?

My bank (in Denmark) sometimes sends me emails from an domain that isn't their primary domain.

The bank uses a login system that is provided by the state. In theory it's a good idea, but you sign-in on domains that are not owned identity authority. Like I sign-in on the bank website, instead of sign-in by redirecting from the bank to a trusted domain owned by the identity authority (how like OIDC flows usually work).

Sure the login flow still involves an app, but my point is:

There is a lot of bad practices around. These should incur liability.

Just start looking at what domains emails are sent from. And complain if they are not the primary domain of the entity contacting you, you'll get tired real soon.

[fallingknife]

I agree, and in the US banks are already liable if an unauthorized person gains access to your funds. But what I'm saying is that most of the scams that OP is talking about just aren't done that way. It's just a scammer that tricks them into sending money.

It's just old fashioned con man stuff but over email or phone. And of you're dumb enough to believe that the only way the IRS (US tax agency) is willing to accept payment is by Visa gift card (and yes this is actually a common scam here) it's just not your bank's problem.

[jopsen]

Lots of government websites are extremely sketchy and redirect you to a sketchy payment gateway, often the payment gateway is on some weird domain.

If I make a payment using my visa card, how is it that I'm not just redirected to visa.com, and that's the only place I enter card credentials? Like how OpenID works.

I'm sure there are reasons, probably legacy reasons :)

But it's still weird that payment uses a third-party domain I can't verify. Often called something sketchy.

[jopsen]

To be clear the EU did a lot with 2FA requirements for online payments.

[TheSpiceIsLife]

Public awareness campaigns on the level of anti drink drive ads from the 90s.

Pay your taxes by Visa gift card. Then you’re a blood idiot.

https://youtu.be/RmhgGm4joEQ?si=bJzbF8Gnz-G5Nt6b

[tsimionescu]

This is all irrelevant.

The way these scams work is to get someone to intentionally send money, usually through gift cards or wire transfer to an account.

Some of the common schemes are to pretend these are taxes that they didn't pay ("you owe the IRS a huge amount, send this money and all the penalties won't be applied immediately"), sometimes it's urgent money needed for a loved one (a common one is "your son/daughter just hit someone with their car, send money to this lawyer to try and save them from prison"), sometimes it's promises of future riches (such as the infamous Nigerian Prince who will send his fortune to you if only you send a little money first).