Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
fph a day ago

Hardware tokens are not allowed in Europe to authorize certain operations such as bank transfers: you need a device that can show the operation you are about to authorize ("enter 123456 to confirm your payment of 99.99 € to Pornhub"). And that essentially means using a phone.

layer8 a day ago | parent | next [-]

Maybe it’s country-specific, but most banks I know support a card reader or photoTAN device. You don’t need to use a phone.

fph a day ago | parent [-]

I don't think card readers can display payment information, can they?

And I have no idea why, but no bank offers photoTAN devices in my country. They seem like an interesting concept, even though I imagine the underlying hardware isn't far from that of a phone, in the end.

sdl a day ago | parent | next [-]

German VR Banken: https://genostore.de/Banking/Kartenlesegeraete/

Sparkassen: https://www.sparkassen-shop.de/home/shop/tan-generatoren,375...

layer8 a day ago | parent | prev [-]

The card readers have an LCD display that shows the information.

fph a day ago | parent [-]

How do they get this information in the first place, though? Do they have a QR code reader?

sdl a day ago | parent [-]

Yes, in that case it's often called Photo-TAN or QR-TAN. See https://en.wikipedia.org/wiki/Transaction_authentication_num...

Previously there were also so called "flicker TAN" approaches: https://de.wikipedia.org/wiki/Transaktionsnummer#chipTAN_com...

WhyNotHugo a day ago | parent | prev | next [-]

I’ve seen dedicated hardware devices which scan a QR-like code and show this in a little screen of their own. The bank provides them and does not require any app.

I only know of a single bank using this.

SkySkimmer a day ago | parent [-]

>I only know of a single bank using this.

If it's not Crédit Mutuel then you now know of a second bank using this method.

rzr 5 hours ago | parent [-]

I am interested too, my fallback bank trapped me (or my courage to resist), the fallback of fallback would be crypto but i am not sure i want to depend on this too...

Meanwhile, the last hope is that people will use more cash (if the digital world is too hostile, oh wait it is!)

finaard a day ago | parent | prev | next [-]

I'm in Europe, and some of my banks still operate with a token just showing numbers, while others use devices with QR code readers and a colour display which then can show transaction details.

They don't really like you using that and keep annoying you to stop doing that, but I don't think they'll fully get rid of that - those are filling some accessibility niches as well.

rsync a day ago | parent | prev | next [-]

Is this true?

The old, standard RSA number generator token key ring device is not permitted in Europe for authorizing bank actions ?

fph a day ago | parent [-]

Precisely. You can use and old-style hardware token that only generates numbers to log in, but not to authorize an operation such as a money transfer.

The requirement is called "dynamic linking" (the 2FA code must be tied to the specific transaction) and the relevant regulation is PSD2.

miahi a day ago | parent [-]

There are "simple" hardware tokens that allow for that - you have to enter the amount and part of the destination IBAN and they generate a 2FA number based on that + probably the same number generator it uses for logins.

guax a day ago | parent | prev [-]

I am in europe and my bank issued me a hardware token I still need to use from time to time.