Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> what I'm specifically addressing is "can we do it without the internet bit?",

Monzo could open some branches, where it's somebody else's problem to verify the identity of the staff in the building and you can be quite certain the person behind the desk is in fact an employee

(Edit: I know they're a 'challenger' bank)



Well tbh with you that's how I bank, and I agree with you.

I think that "app based" banking is a shitshow, and will only get worse, and ultimately more insecure. The entire economic strategy of dehumanisation is a catastrophe in the making.

And clearly there is no genuine market demand for it, people hate it with a passion, but it's being forced on the population, probably for other reasons more nefarious than "convenience" or "efficiency".

That said, if you're going to do telephone banking with another actual human over an audio or AV channel - which is an acceptable mode of interaction for me - then you may as well employ that information stream for more sophisticated authentication as we go into the age of AI deep-fake voices and video.

Because authentication doesn't need a terribly large bandwidth, indeed we can do it with tiny amount, side-channels within the audio stream see a good leverage point.


Do you think telephone-based banking is more secure than app-based banking? What's your argument for that?

My experience with talking to banks on the phone has been that common security measures seem laughable to me - like "last four digits of your SSN" laughable.


Good question. Yes I think it's more secure if complemented with other good mechanisms. I agree that the current state of most voice based schemes is pretty poor. But those that involve a separate codebook can be quite tight.

Like all things it's more secure in the hands of people moderately educated in protocols and sufficiently sceptical.

A general security problem, perhaps a paradox, is that the more we try to hide it for "convenience", the more opaque and automatic, the more people come to blindly depend on the mechanism at some other layer and stop thinking.

I suppose what makes voice based interaction more secure is that it's slower. It gives more time for levels of security in depth and for people to figure out something is amiss.

But we'll have to see how that pans out with sophisticated voice-spoofing technology because I expect most people, even well educated and sceptical ones, are easily flipped into trust mode by the sound of a seemingly familiar voice and some clever replay attacks.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: