The problem for me is that most Canadian Banks give you the choice of SMS or their shitty adware filled bank app that relies on Google Play Services and wont implement TOTP so I can use a true MFA app. And Im done with being forced to accept user policies I don’t agree with to do shit, and most of all done with Google Play Services on my device 😑
Its supposed to be illegal for banks to be in “sales” but my wife was working for BMO and they were forcing her to prioritize outbound cold calls ans upselling products the customer didnt need and would clearly be bad for their financials as a Personal Banking Assistant. The conflict of interest was so great it stressed her right the fuck out and she had to take leave and start therapy. Her MS also spiked likely due to the stress levels. She was there to help people, and she made the bank earn loyal customers and they willing got more products from the bank because she helped them. She was the top performer at the bank if she just let her do the job she was there to do, but instead her boss started ragging on her daily about her cold calling numbers and forcing her to cancel necessary appointments and focus time to deal with customer requests and instead prioritize sales.
In the end her numbers dropped, her customer satisfaction dropped, and her MS got worse from the stress and she’s now on long term leave, uncertain if she’ll recover her focus and able to go back to work. Her neurologist has said she cannot go back for now.
Not sure how that bullshit helped the bank, but I can sure see how I didn’t, and I may be wrong but I think there are laws against it.
Also worth noting that this change in tactics happened right at the same time BMO took all their “we’re here to help” signage down. Brings so many memories of Google dropping the “don’t be evil”. Everything that came after in both cases was shit.
Adding to this that my Canadian bank just updated their app and it doesn’t work with my older phone. So my only option is to use online services with SMS/call verification.
It’s such a joy to know that my bank, who made $40.670 billion last year, takes care of every customer equally.
My bank prides itself being the first in the country to support yubikeys for 2fa. I was so happy until i learned it’s just for logging in, transactions are still confirmed by SMS or their app. And security experts all say it’s better this way, using a regular 2fa solution would be insecure because you wouldn’t know what you’re confirming.
I’m not defending that madness, but that device doesn’t show who is the recipient. The argument was that this is protection against phishing sites pretending to be a bank, proxying your connection but sending it to a different recipient.
Makes one wonder how much the user has to fuck up to end in such a scenario, and of it’s really worth transmitting everyone’s financial data in almost plain text over the air for this
This is the main reason I switched to Fidelity here in the US. It’s a brokerage, but it does basic bank things, like checks, debit card, etc, and they support SymantecVIP, which works w/o Google Play Services. TOTP support really isn’t that hard, I don’t understand why banks are so slow in adopting it…
The issue is, banks are only going to do what they’re required to do by law. The government is run by dinosaurs who don’t know what computers are, let alone what TOTP is.
No, they’re only going to do what they’re required to do by their insurance. The law is an option, but if insurance costs go way up if they don’t have proper MFA, they’ll get MFA.
The only negative stories I’ve heard are from people who really push the boundaries, like people day trading and whatnot. If you’re a regular user looking for a bank alternative, you should be good.
Just know their branches don’t really have any banking services, so you can’t go there to withdraw or deposit cash, get a cashier’s check, etc. I keep an account w/ a local institution and transfer money as needed for banking services.
Now you’ve got me wondering about this for Canada. Would be a pita to move mortgage and investments, but there must be a better way than the big banks.
The problem for me is that most Canadian Banks give you the choice of SMS or their shitty adware filled bank app that relies on Google Play Services and wont implement TOTP so I can use a true MFA app. And Im done with being forced to accept user policies I don’t agree with to do shit, and most of all done with Google Play Services on my device 😑
Should be illegal to put ads in something as crucial to day-to-day life as a banking app.
If it’s not illegal, then everyone is going to do it and we won’t have the “choice” that crapitalists love to tout so much.
Its supposed to be illegal for banks to be in “sales” but my wife was working for BMO and they were forcing her to prioritize outbound cold calls ans upselling products the customer didnt need and would clearly be bad for their financials as a Personal Banking Assistant. The conflict of interest was so great it stressed her right the fuck out and she had to take leave and start therapy. Her MS also spiked likely due to the stress levels. She was there to help people, and she made the bank earn loyal customers and they willing got more products from the bank because she helped them. She was the top performer at the bank if she just let her do the job she was there to do, but instead her boss started ragging on her daily about her cold calling numbers and forcing her to cancel necessary appointments and focus time to deal with customer requests and instead prioritize sales.
In the end her numbers dropped, her customer satisfaction dropped, and her MS got worse from the stress and she’s now on long term leave, uncertain if she’ll recover her focus and able to go back to work. Her neurologist has said she cannot go back for now.
Not sure how that bullshit helped the bank, but I can sure see how I didn’t, and I may be wrong but I think there are laws against it.
Also worth noting that this change in tactics happened right at the same time BMO took all their “we’re here to help” signage down. Brings so many memories of Google dropping the “don’t be evil”. Everything that came after in both cases was shit.
EDIT: Oh looks like CBC did an article on this now because it is so prolific. https://www.cbc.ca/news/business/banks-upselling-go-public-1.4023575
Adding to this that my Canadian bank just updated their app and it doesn’t work with my older phone. So my only option is to use online services with SMS/call verification.
It’s such a joy to know that my bank, who made $40.670 billion last year, takes care of every customer equally.
My bank prides itself being the first in the country to support yubikeys for 2fa. I was so happy until i learned it’s just for logging in, transactions are still confirmed by SMS or their app. And security experts all say it’s better this way, using a regular 2fa solution would be insecure because you wouldn’t know what you’re confirming.
There really is no hope.
It’s definitely possible to have a hardware token which allows confirming the transfer details - https://www.manua.ls/nationwide/card-reader-security-for-internet-banking/manual
I’m not defending that madness, but that device doesn’t show who is the recipient. The argument was that this is protection against phishing sites pretending to be a bank, proxying your connection but sending it to a different recipient.
Makes one wonder how much the user has to fuck up to end in such a scenario, and of it’s really worth transmitting everyone’s financial data in almost plain text over the air for this
This is the main reason I switched to Fidelity here in the US. It’s a brokerage, but it does basic bank things, like checks, debit card, etc, and they support SymantecVIP, which works w/o Google Play Services. TOTP support really isn’t that hard, I don’t understand why banks are so slow in adopting it…
The issue is, banks are only going to do what they’re required to do by law. The government is run by dinosaurs who don’t know what computers are, let alone what TOTP is.
No, they’re only going to do what they’re required to do by their insurance. The law is an option, but if insurance costs go way up if they don’t have proper MFA, they’ll get MFA.
Thanks for this…I might be opening a Fidelity account…
They’re fantastic. :)
The only negative stories I’ve heard are from people who really push the boundaries, like people day trading and whatnot. If you’re a regular user looking for a bank alternative, you should be good.
Just know their branches don’t really have any banking services, so you can’t go there to withdraw or deposit cash, get a cashier’s check, etc. I keep an account w/ a local institution and transfer money as needed for banking services.
Now you’ve got me wondering about this for Canada. Would be a pita to move mortgage and investments, but there must be a better way than the big banks.
Here’s a website that tracks this kind of thing. No guarantees about being up-to-date, but from a surface-level check, it looks like you have options.
Wouldn’t count on it being up to date. For my country 4 out of five biggest banks in the country are missing.
They accept contributions, and I’m sure raising an issue with details would be fine as well if you don’t feel comfortable making changes directly.
Thanks!
Even Bank of America doesn’t support MFA apps.
They support USB hardware tokens… but only for the website. Everything else is SMS which kinda defeats the point.
Annoyingly, other than Vanguard, they are the only financial institution to support USB FIDO tokens