Hacker News

> Many banks now also use their app as a second factor, rather than a generic OTP option that can run on any hardware.

This is one I’m willing to tolerate, as long as it’s optional. Something I don’t understand though is banking app setup. When I got a new phone this year, the RBC app made me submit some kind of live selfie.

The thing is, I know they can scan your debit card with NFC and authenticate the PIN. I’ve used it for a password reset in the past. Why is a selfie better than that when they presumably have nothing to compare it to?





Do you not use the bank's ATM or go into a branch ever? Why would they not have anything to compare it to?

Canada has strong privacy protections and norms.

It would be quite a scandal, legally and socially, if it was discovered that a bank was creating a database of images of their customers without consent.


That's quite interesting! So in Canada, it seems PIPEDA means the banks can't use ATM video footage to build client profiles. Cannot say the same for the US, unfortunately.

According to ChatGPT: Only Illinois, Texas, and Washington really constrain that, and Illinois is the only one with real teeth.



