Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
oarsinsync a day ago

> Apple has no adequate way to actually verify who anybody is without (a) forcing them to physically visit one of a small number of offices (it can't be every store), and (b) probably charging a significant fee to cover the cost of doing real verification.

My bank is able to verify me remotely to login to their app from a new device in under 15 minutes, just with a photo of my ID card and a video of my face. And the bank is liable for any losses caused if they misidentify me.

Why can my bank do it but apple cant?

Hizonner a day ago | parent | next [-]

Your bank verifies that against the copy of your ID that was collected in person when you opened the account (unless you're using some fly-by-night FinTech "bank", anyway). At a minimum, the bank has already collected, and checked, a bunch of other information that it can use to verify you (more than Apple can collect without mass user rebellion). It has reasonable confidence you haven't lied about that information. The bank can use that information to look up more about you in public records (which the bank knows how to do because, unlike Apple, it doesn't operate in every jurisdiction in the world). And I suspect that the ID/video check is on top of proving you already know a password.

Perhaps even more important, the bank knows exactly what liability it's assuming, and what risk it's exposing you to. There's a limit on how much money the app will let you move (even if the bank doesn't tell you what it is). All the transactions you can do are defined by the bank, it knows what's going on at all times, and it can and does apply extra checks for risky-looking transactions.

And bank transactions in general have a whole reversal-based security layer on top of all that.

On the other hand, people use their Apple accounts to log into God-knows-what third party systems with God-knows-what risks and God-knows-what other security measures or lack thereof.

Oh, and also the bank charges you ongoing overt or hidden fees specifically to cover the costs of securing your money. And of insurance if it fails to do so.

oarsinsync 16 hours ago | parent [-]

Online-only bank Chase from JPM, charges me £0, has a £10k limit on transactions without requiring further verification, and successfully verified me online in under 15 minutes, despite having never seen any of my real documents in person, despite me logging in for the first time in 2 months from a new device that they’ve never seen.

Meanwhile Apple is unable to manage to identify its own customers in its home jurisdiction.

Hizonner 11 hours ago | parent [-]

> charges me £0

You haven't figured out that there are hidden charges? They're not giving you an account because they love you. They're giving you an account because they're making money on your deposits and/or transactions and not passing it on to you. And the money they're making is pretty proportionate to their risks; the more money you have to lose, the more they're going to make.

Whatever revenue iCloud manages to eke out of a random iPhone is going to be far less, and far less correlated with risk. Apple has to structure the system around the user who buys zero premium services.

> has a £10k limit on transactions

So a low limit by the standards of what we're talking about here, and a nice, quantifiable, insurable amount to boot. Which, as I said before, is the most important part of the whole thing. Oh, and I suspect you'll find out that the limit magically gets lower if the money is being sent to wesellgiftcards.com or whatever.

The person featured in the sob story here claims to have lost an entire career. That's going to be worth quite a bit more than that transaction limit, but how much more is hard to say because it's unquantifiable. It is of course stupid to make that dependent on your iPhone, but Apple still has to worry about it if Apple starts trying to take on responsibility for that kind of stupidity.

> despite having never seen any of my real documents in person

You should get a more responsible bank. Although nowadays they may be able to pull, for instance, your ID pictures from government databases to compare with whatever you send them over the Internet... since they have the numbers (and maybe the authorization) to do the lookups. Unlike Apple.

> Meanwhile Apple is unable to manage to identify its own customers in its home jurisdiction.

"Home jurisdiction" is irrelevant. It's not about where your headquarters are. It's about where you operate. Whatever Apple sets up in its "home jurisdiction", it also effectively has to support throughout the world. There aren't enough phone buyers in Cupertino to support Apple's valuation.

JumpCrisscross a day ago | parent | prev [-]

> Why can my bank do it but apple cant?

Banks write off tens of billions of dollars of fraud costs a year. They can do this because money is fungible.