by azuanrb 106 days ago
In my country, we do. For starters, we use apps for authentication and notifications. We can debate whether web push is viable, but most banking apps simply do not rely on it. As for older people, I would rather they use an app than a website because it is far too easy to fall victim to phishing attacks, no matter how much we educate them.

OK, continuing to play Devil's advocate: In my country my mom fell to a sophisticated spear phishing attack whilst on the phone with the scammer, and he leveraged her app's login to make it easier and more convenient to attempt to send her money via Zelle.

I wonder if there's really evidence to support that the apps protect you from phishing attacks.

I personally think notifications suck and are spam and not needed, and that we could make something new and better; we don't have that today, though. What do you use the bank authentication for in your country, if you don't mind my asking?

I’m not sure about the formal evidence, but to me it’s quite straightforward. I installed the official banking apps on my parents’ phones and told them to use only those apps for banking. Nothing else.

If they use a website, they might mistype the URL or click on a fake link. They don’t really use bookmarks either. Even if they manage to reach the correct site or add it to their home screen, they still have to log in again each time they use it. The app removes all of that—they just tap one icon. Passkeys may improve web security, but they still have a long way to go for non-technical users.

Notifications suck, but overall I’m still in favor of them until we have something better. I’ve had to replace my credit card a few times due to fraud cases, and the same happened to my parents. Because we get instant notifications for every transaction or authentication attempt, we know immediately if something suspicious happens. That’s not really possible with web push, especially since our banks don’t support it.

Authentication is much better in the app as well. In the past, banks would ask lots of personal questions over the phone, which I’m no longer comfortable answering unless I made the call myself. With the app, the account is tied to one device, and biometric login makes it easy and secure. Any approval happens inside the app, which feels safer.

The app is definitely not perfect, but for the majority of people (non-tech), it's just a lot easier and (unfortunately) safer for them.

Thank you. I had typed a response and hit Hacker News post limits, so I will just post that I read this and got a better understanding from this back-and-forth. Thanks.