Depends on what country you're in. In the UK, the banks are often held liable for various scams that involve the transfer of money, so they up the security over and over again. A bank will rightly argue why it's responsible for an old granny sending her life savings to her new lover in Namibia, so it seeks to block that transaction in the first place.

Some of that liability is fair but most of it is the government telling the banks to account for the loss when someone is scammed. They are obviously going to mitigate that as much as they can.

▲

jdiff a day ago | parent | next [-]

Rooted devices don't enable that transaction. That's all social engineering.

▲

mike_hearn a day ago | parent | next [-]

It's all social engineering now but that's because phones are secure and remote attestation infrastructure is in place.

Go back fifteen years and malware is absolutely submitting bank transactions after the user does a 2FA.

https://krebsonsecurity.com/2010/03/crooks-crank-up-volume-o...

▲

jack_pp a day ago | parent | prev [-]

and grandmas don't root their devices.

	▲	pixl97 a day ago \| parent [-]
		As a devils advocate grandma would have no idea if she was buying or got her device rooted by someone else.

▲

themafia a day ago | parent | prev [-]

> so they up the security

They're upping the surveillance, not the security, quite demonstrably.

This is meant to protect /them/ from liability and not /you/ from loss.