Whoever came up with the PSD2 can get fucked up their ass by all the cocks in the world combined.

Whoever fucked up the new security implementations so bad can get fucked up their ass by all the spiked, rusty, aids-contaminated metal poles in existance.

And whoever allowed all this to happen and approved it should take all the nukes in the world, shove them all up their worthless holes, and detonate them all at once.

Fuck you.
Die in a fire.

Sincerely,
Someone who's failing harder and harder every day to not lose faith in what little good there is in humanity.

I dont like the additional security requirements too. Its so slow because the system was designed to send all transaction at a specific time once a day. Everything else is grown.

@stop don't get me wrong, I'm all in favor of security. But I want a proper implementation, not this bullshit that my bank is doing.

Security questions stopped being a thing a decade ago, and they've implemented their own app for TOTP instead of telling people to use an already existing one (like Google Authenticator or Authy or whatever).

I can't even check my bank account right now, because I'm forced to add a security question to my account, but whenever I try it fails with some "unknown error", so I'm stuck in this limbo until they fix their shit.

It's so ridiculous, because doing things properly would be both safer and *easier*, but for some fucking reason it's as if nobody in the banking sector has never even heard of modern security implementations.

It doesn't even make financial sense, because rolling your own security systems is so much more complicated than using something that already exists and is battle-tested.

So what's the fucking point of all this crap?

@endor i need an tan at every login, regardless of accessing over web or HBCI/FINTS. Security issues are not PSD2 compliant because the password/PIN and security issues both come from the Knowledge category. It should be something from the category possession (HBCI card or debit card with card reader as tan generator) or biometrics. I have an tan generator with usb access and an psd2 compatible banking-program that can talk with the generator. So i need only 4 clicks to authorize the transaction at the generator.

@stop yeah, tell that to my bank. They specifically introduced security questions as a mandatory recovery option *for* the PSD2 update.
And it doesn't even work properly. They're so stupid.

@endor report them. The blind eye is only for shops who overslept it.

@stop where would I report them?

@endor it depends. In germany its the Bundesanstalt für Finanzdienstleistungsaufsicht (bafin)

For me the only things that has changed is that I need a TAN for signing in (not just for executing transactions) unless it's a recognized device (like the app on my phone). There are no security questions nor have there been.

@saucyatom applications need only one every 90 days