danielhlockard 20 hours ago

You say that but I work in fintech (granted, one of the larger more corporate ones, after an acquisition) and we are heavily regulated, and audited.

ItsBob 7 hours ago | parent | next [-]

FWIW, I work for a major financial organization in the UK as a software architect and I've brought it up more than once over the years in various roles: not a single bank in the UK supports Yubikeys or custom Authenticator apps.

Not one (I last checked about a month ago!)

Security, while pretty good, is still lacking imo!

cjrp 6 hours ago | parent [-]

Ironically until fairly recently Nationwide required the little keypad authenticator thing, and everyone hated it!

ItsBob 6 hours ago | parent | next [-]

I had one of those umpteen years ago with RBS. I hated it at the time too :)

However, I use a Yubikey as often as I can nowadays and authenticator apps too where possible.

I'd like the option to use one but I can't :(

cjrp 5 hours ago | parent [-]

I wonder if the higher-end banks, e.g. Coutts, let you use one.

Ntrails 4 hours ago | parent | prev [-]

I thought they still did for website flow at least. Bizarrely we seem to think that phone apps are infinitely secure and don't need the extra step because biometrics?

victorbjorklund 3 hours ago | parent [-]

Isn’t it because the assumption is that a mobile device is personal in 99,99999% of cases while it’s common (less now than 15 years ago) with shared computers in libraries, schools, etc.?

devin 15 hours ago | parent | prev | next [-]

You're almost there. Think to yourself now: what was it that happened in the past that necessitated the need for a large regulatory apparatus, auditors, etc.?

mmooss 18 hours ago | parent | prev | next [-]

Wall Street is heavily regulated and audited, and still is 'beyond reckless', causing global financial calamities multiple times.

protocolture 16 hours ago | parent | prev | next [-]

>You say that but I work in fintech (granted, one of the larger more corporate ones, after an acquisition) and we are heavily regulated, and audited.

I have seen some toe curling shit in fintech.

klaushougesen1 8 hours ago | parent [-]

Time-travelling the ledger, anyone? :)

withinboredom 7 hours ago | parent [-]

I once had a banking app that reported the wrong transaction amounts (downloading the statements resulted in a different balance than what was shown in my account -- this isn't the US, so it should show the correct amount). When I reported the bug, they changed the values on my statements instead of fixing the app -- so now, it didn't reflect my receipts.

It was a fun time. They eventually fixed it in the app to show my true balance and fixed my statements back to what they were. But holy shit, the fact that an engineer would think that would be the proper fix is wild... this is pre-LLMs, otherwise, I'd think they'd been vibe-coding.

johnisgood 6 hours ago | parent [-]

Pre-LLM or vibe-coding, it is the same shit ultimately I'd say: shitty developers doing software development. :D

ChrisMarshallNY 4 hours ago | parent [-]

I tend to avoid auto-cashiers. It's mostly because I find they don't save any time, and just exist to fire cashiers.

One place that they basically force you to use it, is my local drug store (big chain, that I won't call out by name).

Their auto-cashier absolutely sucks. It's almost impossible to avoid having an issue that requires you waiting around for the poor schlub to come over and fix.

They recently set up touchscreens, at the prescription counter.

I have not once had success with the touchscreen. It can never find me, or my wife. They always have to just take my information manually.

I suspect that the backend (the algorithm and main engine) is good. I think almost all the problems are with shoddy frontend stuff. For example, I think the touchscreen issue is capitalization, and the old system cut off our surnames, so I actually have to type in about half my name, in all caps, to have it find my prescription.

I feel personally offended, when I encounter stuff like that.

johnisgood 3 hours ago | parent [-]

I have never used these auto-cashiers or whatever they are called. It might be due to anxiety, which is weird because social encounters should be more anxiety-inducing. I just feel like I would mess something up.

Oh, and here real cashiers usually scam you by scanning the items twice and so forth (not sure if intentionally or not), it happened a couple of times to my parents (not considered elderly yet) in the past few months I would say.

In any case, I feel your pain.

bdangubic 16 hours ago | parent | prev | next [-]

funniest thing I read this year on HN - well played mate, well played!!!

aiisjustanif 4 hours ago | parent [-]

They could work for Plaid or Stripe, which are pretty known for taking proactive security very seriously.

https://security.plaid.com/

https://docs.stripe.com/security

bdangubic 4 hours ago | parent [-]

I am 1,000,000% sure that many fintech companies are taking security very, very seriously (I am a Stripe customer myself). But I don't think that has anything to do with the statement "we are heavily regulated, and audited" - that is too funny.

fragmede an hour ago | parent [-]

In the wake of every scandal in finance is a wave of regulations. Finance is one of the most heavily regulated industries there is. That smart people keep finding new areas that haven't yet been regulated doesn't mean that the existing areas aren't heavily regulated and audited.

If you give me $5, and then I pass it on to Bob for you, how many licenses and how much paper work do you think I should need to do that if I did that as a business? If you give me some money and I am a business, how much paperwork should that incur?

chaps 16 minutes ago | parent [-]

The big problem is that the exchanges are largely self-regulated. Or at least when I was in the field. A company I worked at sued a counterparty to our trade because we had proof of market manipulation. I won't say any of the details of who, etc, but the trades of the counterparty were so... plainly obvious of market manipulation in violation of the exchange's rules. At one point in that lawsuit the exchange's lawyers accidentally CC'd my bosses, showing that the exchange was colluding with the counterparty.

From what I was told, the issue for the exchange was that if they were found out to not enforce their self-regulation then it'd be the precipitous event to the hammer coming down on them from regulatory bodies.

So yeah. Regulation's kinda shite here.

650REDHAIR 16 hours ago | parent | prev [-]

How big was it when you joined?