#psd2

Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mstdn.ca/@JustinDerrick" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>JustinDerrick</span></a></span> don't use online banking and never have honest answers on security questions!</p><p><a href="https://infosec.space/tags/Funfact" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Funfact</span></a>: This would not have been possible if their bank complied with <a href="https://infosec.space/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a>, which demands active, on-demand <a href="https://infosec.space/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a>!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mstdn.social/@juliewebgirl" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>juliewebgirl</span></a></span> <a href="https://infosec.space/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a>?</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.linux.pizza/@midtsveen" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>midtsveen</span></a></span> how about <em>never</em> unless @Liberapay@mastodon.xyz gets forced under threat of hans for violating <a href="https://infosec.space/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a> to implement it <em>'at gunpoint'</em> so to speak...?</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://chaos.social/@martinsteiger" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>martinsteiger</span></a></span> if no <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>-<a href="https://infosec.space/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a> exists, I don't use 2FA, on principle!</p><ul><li><a href="https://infosec.space/tags/SMS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMS</span></a>-<a href="https://infosec.space/tags/TAN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TAN</span></a>s are less secure than the <a href="https://infosec.space/tags/iTANs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iTANs</span></a> banned under <a href="https://infosec.space/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a>...</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://toot.io/@hisold" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>hisold</span></a></span> My bank stopped issuing <a href="https://infosec.space/tags/girocard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>girocard</span></a> cards with <a href="https://infosec.space/tags/magstrip" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>magstrip</span></a> 10+ years ago as magstrip was phased out and <a href="https://infosec.space/tags/NFC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NFC</span></a> was phased in as well as <a href="https://infosec.space/tags/PSD1" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD1</span></a> being introduced.</p><ul><li>Even before that merchants rarely accepted magstrips and those who did asked for <a href="https://infosec.space/tags/ID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ID</span></a> as soon as purchases [i.e. 
fuel at a gas station] exceeded like €100 because unlike <a href="https://infosec.space/tags/Chip" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chip</span></a> + <a href="https://infosec.space/tags/PIN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PIN</span></a> the payment processor does not guarantee them that the payment will be accepted and the amount guaranteed.</li></ul><p>That's the main push factor: Alongside lower processing fees and faster processing, the Chip+PIN &amp; <a href="https://infosec.space/tags/NFC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NFC</span></a> systems actually request a blockage of the amount and will automatically decline without incurring fees if the balance / limit is below that amount - sometimes even before the PIN has been entered (it'll just not show it until the PIN is entered so fraudsters can't just abuse this as a means to check balance).</p><ul><li>There's a nice <a href="https://www.youtube.com/watch?v=eFYrboLEx2I&amp;t=2043" rel="nofollow noopener" target="_blank">podcast</a> with <a href="https://infosec.space/tags/JohnBoseak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JohnBoseak</span></a> where he explains how stuff used to [and allegedly still does] work in the <a href="https://infosec.space/tags/USA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USA</span></a> re: <a href="https://infosec.space/tags/CreditCards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CreditCards</span></a>. 
Given that I worked for a <a href="https://infosec.space/tags/PaymentProcessor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PaymentProcessor</span></a> in the past this is some basic knowledge re: <a href="https://infosec.space/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a>, because one needs to understand how stuff like CNP (<em>"Card not Present"</em>) works and how the system is architected to the point that even if someone were to hack the database of said payment processor, they'd never find any CCs or the CVVs stored there <em>at all</em>. </li></ul><p>It's also insightful because <a href="https://infosec.space/tags/fraud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fraud</span></a> would be way more rampant if the card issuer, payment processor and card system operator [i.e. AMEX, VISA, MasterCard] didn't all run their own AFE [Anti-Fraud Engine] each automatically assessing risks within less than a second for every transaction.</p><ul><li>That's why one can get their <a href="https://infosec.space/tags/CC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CC</span></a> blocked when using a <a href="https://infosec.space/tags/VPN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VPN</span></a> and why fraudsters need the location of their victims because if I had a CC and used it regularly and someone were to try to swipe a skilled copy of that at a Walmart or Best Buy on the East Coast of the USA less than 24 hours of my last use in Germany, that would automatically get declined as fraud and the person at the cashier will call security because no one is travelling that quickly that far.</li></ul><p>But that's just some cold OSINT based off <a href="https://infosec.space/tags/TechSupport" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechSupport</span></a> and peeking behind the 
curtains professionally...</p><ul><li>There's way more but I can't go into details on that. </li></ul><p>Rest assured if you have a CC you can be as certain that someone tried to abuse it as I'm certain my bank blocked fraudulent money orders against my account because of AFEs working - it's just &gt; 99% of all fraud attempts get blocked instantly and merchants rate-limited or kicked off the system when they do something suspicious.</p><ul><li>Same reason why one can't frame someone for a crime by just wiring obviously illicit funds to their account: AML (Anti-Money Laundering) will catch that and unless the account holder were to ask "Where's the money/transaction?" <a href="https://infosec.space/tags/FinCEN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FinCEN</span></a> et al. won't even bother calling the account holder up simply because <em>"oops I wired money to the wrong account. Can you please send it back?"- <a href="https://infosec.space/tags/scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>scam</span></a></em> is a well-known method to turn unsuspecting people into money launderers.</li></ul><p>So yeah, that <em>"<a href="https://infosec.space/tags/magstrip" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>magstrip</span></a>"</em> may be just lacquer but unless it's specifically advertised otherwise only holds the CC &amp; CVV as well as <a href="https://www.youtube.com/watch?v=UHSFf0Lz1qc&amp;t=320" rel="nofollow noopener" target="_blank">service codes</a> [i.e. 
chip+pin only] to tell the terminal <em>"Don't accept magstrip, mandate Chip+PIN"</em>...</p><ul><li>Outside the <a href="https://infosec.space/tags/USA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USA</span></a>, this is the norm due to <a href="https://infosec.space/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a> exceeding <a href="https://infosec.space/tags/PCIDSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCIDSS</span></a> by quite a lot!</li></ul><p>Only <em>underdeveloped</em> countries like the <a href="https://infosec.space/tags/US" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>US</span></a> still use <a href="https://infosec.space/tags/Magstrips" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Magstrips</span></a> and <a href="https://infosec.space/tags/credit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>credit</span></a> and not Chip+PIN &amp; <a href="https://infosec.space/tags/debit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>debit</span></a>!</p>
Bytes Europe<p>The National Bank of Serbia Publishes Regulatory Technical Standards and Extends PSD2 Compliance Deadline to January 1st, 2026 <a href="https://www.byteseu.com/912253/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">byteseu.com/912253/</span><span class="invisible"></span></a> <a href="https://pubeurope.com/tags/Compliance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Compliance</span></a> <a href="https://pubeurope.com/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a> <a href="https://pubeurope.com/tags/SaltEdge" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SaltEdge</span></a> <a href="https://pubeurope.com/tags/Serbia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Serbia</span></a> <a href="https://pubeurope.com/tags/TechnicalStandards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechnicalStandards</span></a></p>
Bytes Europe<p>LUXHUB chosen by six Luxembourg banks as VoP service provider <a href="https://www.byteseu.com/910385/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">byteseu.com/910385/</span><span class="invisible"></span></a> <a href="https://pubeurope.com/tags/Banks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Banks</span></a> <a href="https://pubeurope.com/tags/InstantPayments" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InstantPayments</span></a> <a href="https://pubeurope.com/tags/Luxembourg" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Luxembourg</span></a> <a href="https://pubeurope.com/tags/LUXHUB" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LUXHUB</span></a> <a href="https://pubeurope.com/tags/OpenFinance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenFinance</span></a> <a href="https://pubeurope.com/tags/Payments" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Payments</span></a> <a href="https://pubeurope.com/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a> <a href="https://pubeurope.com/tags/PSPs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSPs</span></a> <a href="https://pubeurope.com/tags/Spuerkeess" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spuerkeess</span></a> <a href="https://pubeurope.com/tags/verification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>verification</span></a> <a href="https://pubeurope.com/tags/VerificationOfPayee" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VerificationOfPayee</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@katrinakatrinka" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>katrinakatrinka</span></a></span> <span class="h-card" translate="no"><a href="https://universeodon.com/@digyoursoul" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>digyoursoul</span></a></span> <span class="h-card" translate="no"><a href="https://hachyderm.io/@molly0xfff" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>molly0xfff</span></a></span> granted, compared to <a href="https://infosec.space/tags/CustomerProtection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CustomerProtection</span></a> and <a href="https://infosec.space/tags/Regulations" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Regulations</span></a> in the <a href="https://infosec.space/tags/EU" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EU</span></a>, <a href="https://infosec.space/tags/finance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>finance</span></a> in the <a href="https://infosec.space/tags/USA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USA</span></a> is a shitshow.</p><ul><li><a href="https://infosec.space/tags/Carding" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Carding</span></a> as a form of <a href="https://infosec.space/tags/fraud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fraud</span></a> doesn't really exist here, and the few possibilities does with <a href="https://infosec.space/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a> mandating <a href="https://infosec.space/tags/3Dsecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>3Dsecure</span></a> in <a href="https://infosec.space/tags/SEPA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SEPA</span></a> member nations...</li></ul>
rugk<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@Xavier" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Xavier</span></a></span> Well… in an ideal world we would have a standardized (and obviously secure) API that (nearly) all banks use. Or maybe even a few per region or so.</p><p>Of course, we don't. So apparently <a href="https://chaos.social/tags/fintech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fintech</span></a> 's grew, which is their whole job to handle this (and maybe legal/complaint stuff).</p><p>In the <a href="https://chaos.social/tags/EU" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EU</span></a> we have regulation (<a href="https://chaos.social/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a>) which then allows such fintechs access to bank APIs and maybe this is somewhat standardized (?), but yet again… end-customers cannot access that? </p><p>see:<br><a href="https://chaos.social/@rugk/113788438170275630" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">chaos.social/@rugk/11378843817</span><span class="invisible">0275630</span></a></p>
HALLOWIEGEHTS<p>PSD2, or how the Bundesdruckerei takes money out of people's pockets with something that costs nothing.<br>They actually rent out x509 certificates that last only 2 years, and charge handsomely for it. <br>Creating such a certificate is a one-liner in the Linux console.</p><p><a href="https://goeppingen.social/tags/EU" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EU</span></a> <a href="https://goeppingen.social/tags/Bank" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bank</span></a> <a href="https://goeppingen.social/tags/psd2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>psd2</span></a> <a href="https://goeppingen.social/tags/money" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>money</span></a> <a href="https://goeppingen.social/tags/Geld" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Geld</span></a> <a href="https://goeppingen.social/tags/scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>scam</span></a> <a href="https://goeppingen.social/tags/Korruption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Korruption</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://hachyderm.io/@lucasmz" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>lucasmz</span></a></span> I guess you never had to do payments within <a href="https://infosec.space/tags/EU" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EU</span></a> / <a href="https://infosec.space/tags/EFTA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EFTA</span></a> / <a href="https://infosec.space/tags/SEPA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SEPA</span></a> where <a href="https://infosec.space/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a> applies...</p><ul><li>Cuz <a href="https://infosec.space/tags/3Dsecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>3Dsecure</span></a> is <a href="https://infosec.space/tags/VISA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VISA</span></a>'s implementation of it!</li></ul><p>Basically it boils down to mandating <a href="https://infosec.space/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a> via <a href="https://infosec.space/tags/App" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>App</span></a> or <a href="https://infosec.space/tags/SMS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMS</span></a> for any substantial online transaction...</p>
Quincy rant, deliberately misunderstood technology
dreiwert<p><span class="h-card" translate="no"><a href="https://social.tchncs.de/@kuketzblog" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>kuketzblog</span></a></span> Are there any recommendable (ideally open-source) authenticator apps that are permitted as a <a href="https://digitalcourage.social/tags/psd2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>psd2</span></a> authentication factor?</p><p><a href="https://digitalcourage.social/tags/appzwang" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>appzwang</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://grapheneos.social/@GrapheneOS" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GrapheneOS</span></a></span> +9001%</p><p>The sheer amount of <em>liabilities</em> if not legal through <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GDPR</span></a> &amp; <a href="https://infosec.space/tags/BDSG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BDSG</span></a>, but indirectly through mandated <a href="https://infosec.space/tags/standards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>standards</span></a> like <a href="https://infosec.space/tags/PCIDSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCIDSS</span></a> &amp; <a href="https://infosec.space/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a> are the reason one should avoid storing them at all costs!</p>
Erik van Straten<p>After reading more in <a href="https://developer.mastercard.com/open-banking-europe/documentation/licensed/aiia-enterprise/production/tpp-certs/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">developer.mastercard.com/open-</span><span class="invisible">banking-europe/documentation/licensed/aiia-enterprise/production/tpp-certs/</span></a> I noted:</p><p>&lt;&lt;&lt; We do not require a pass-phrase for the private key.<br>[...]<br>The requirement to set hostname on QWAC certificates is somewhat confusing, as this is a requirement for TLS server certificates, whereas QWAC certificates are TLS client certificates. &gt;&gt;&gt;</p><p>WHAT?</p><p>From <a href="https://crt.sh/?id=12752024628" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">crt.sh/?id=12752024628</span><span class="invisible"></span></a>:</p><p>&lt;&lt;&lt; X509v3 Extended Key Usage:<br>TLS Web Client Authentication, TLS Web Server Authentication &gt;&gt;&gt;</p><p>If my understanding is correct, an attacker who obtains access to the private key, sends a phishing mail asking to open https:⁄⁄bunq-com.aiiaclient.com and is able to inject falsified DNS replies (or some other possible network-based attacks), can trick users by showing them a fake bunq website - notably using a QWAC?</p><p>I surely hope that I misunderstand all of this.</p><p>If not: which idiot decided to put a domain name (instead of, for example, an email address) in a QWAC intended for client authentication?</p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@agl" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>agl</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@Tarah" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Tarah</span></a></span> <span class="h-card" translate="no"><a 
href="https://infosec.exchange/@ScottHelme" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ScottHelme</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@dangoodin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dangoodin</span></a></span> </p><p><a href="https://infosec.exchange/tags/QWAC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>QWAC</span></a> <a href="https://infosec.exchange/tags/ClientAuthentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ClientAuthentication</span></a> <a href="https://infosec.exchange/tags/ClientCertificate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ClientCertificate</span></a> <a href="https://infosec.exchange/tags/ClientCertificates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ClientCertificates</span></a> <a href="https://infosec.exchange/tags/ServerCertificate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ServerCertificate</span></a> <a href="https://infosec.exchange/tags/ServerCertificates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ServerCertificates</span></a> <a href="https://infosec.exchange/tags/TLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TLS</span></a> <a href="https://infosec.exchange/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a></p>
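Added example, not part of the original post and not Mastercard's or any CA's code: a check an auditor could run over certificates meant for TLS client authentication, flagging the combination quoted above (serverAuth in the Extended Key Usage together with DNS names). It assumes the Python `cryptography` package; the sample certificates, the host name `tpp.example` and all function names are constructed for illustration.

```python
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID

CLIENT_AUTH = ExtendedKeyUsageOID.CLIENT_AUTH
SERVER_AUTH = ExtendedKeyUsageOID.SERVER_AUTH


def make_sample_cert(ekus, dns_names):
    """Constructed test input: a throwaway self-signed certificate."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name(
        [x509.NameAttribute(NameOID.COMMON_NAME, "sample-tpp.example")]
    )
    start = datetime.datetime(2024, 1, 1)
    builder = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(start)
        .not_valid_after(start + datetime.timedelta(days=30))
    )
    if ekus:
        builder = builder.add_extension(
            x509.ExtendedKeyUsage(ekus), critical=False
        )
    if dns_names:
        san = x509.SubjectAlternativeName([x509.DNSName(n) for n in dns_names])
        builder = builder.add_extension(san, critical=False)
    return builder.sign(key, hashes.SHA256())


def san_dns_names(cert):
    """Return the DNS names in the Subject Alternative Name, if any."""
    try:
        san = cert.extensions.get_extension_for_class(
            x509.SubjectAlternativeName
        )
    except x509.ExtensionNotFound:
        return []
    return san.value.get_values_for_type(x509.DNSName)


def audit_client_cert(cert):
    """List reasons why a client certificate is usable beyond client auth."""
    try:
        ext = cert.extensions.get_extension_for_class(x509.ExtendedKeyUsage)
    except x509.ExtensionNotFound:
        return ["no EKU extension: usage is not limited to client authentication"]
    findings = []
    ekus = set(ext.value)
    if CLIENT_AUTH not in ekus:
        findings.append("clientAuth EKU missing")
    if SERVER_AUTH in ekus:
        names = san_dns_names(cert)
        detail = ", ".join(names) if names else "no DNS names in SAN"
        findings.append(f"serverAuth EKU present ({detail})")
    return findings


if __name__ == "__main__":
    dual = make_sample_cert([CLIENT_AUTH, SERVER_AUTH], ["tpp.example"])
    client_only = make_sample_cert([CLIENT_AUTH], ["tpp.example"])
    print("dual-use:   ", audit_client_cert(dual))
    print("client-only:", audit_client_cert(client_only))
```

To audit a real certificate, load it with `x509.load_pem_x509_certificate(pem_bytes)` and pass the result to `audit_client_cert`.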
https://purl.org/rzr#<p><a href="https://talk.maemo.org/showthread.php?p=1572325#post1572325#" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">talk.maemo.org/showthread.php?</span><span class="invisible">p=1572325#post1572325#</span></a> <a href="https://mastodon.social/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a> : Yea I have been using a <a href="https://mastodon.social/tags/JP1" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JP1</span></a> with <a href="https://mastodon.social/tags/AndroidRuntime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AndroidRuntime</span></a> but will it be future proof ? to support "forced intrusive apps" from banks , state etc ? <span class="h-card" translate="no"><a href="https://hachyderm.io/@cyberlyra" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>cyberlyra</span></a></span></p>
Ellen Timmer<p>Account information services have failed in the Netherlands and <a href="https://mastodon.nl/tags/openfinance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openfinance</span></a>/ <a href="https://mastodon.nl/tags/FIDA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FIDA</span></a> should not be introduced | <a href="https://mastodon.nl/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a></p><p><a href="https://ellentimmer.com/2024/04/19/psd2-34/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ellentimmer.com/2024/04/19/psd</span><span class="invisible">2-34/</span></a></p>
André Bering<p>The device-switching processes at various online banks are just so broken. They were developed by experts with domain knowledge for people with domain knowledge. None of this crap can withstand a UAT with people outside a bank. </p><p><a href="https://chaos.social/tags/rant" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rant</span></a> <a href="https://chaos.social/tags/onlinebanking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>onlinebanking</span></a> <a href="https://chaos.social/tags/psd2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>psd2</span></a> <a href="https://chaos.social/tags/mfa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mfa</span></a></p>
Alex Jimenez<p>The State of <a href="https://mas.to/tags/OpenBanking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenBanking</span></a>: Six Years After <a href="https://mas.to/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a> </p><p><a href="https://thefintechtimes.com/open-banking-sixth-anniversary/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thefintechtimes.com/open-banki</span><span class="invisible">ng-sixth-anniversary/</span></a></p><p><a href="https://mas.to/tags/FinTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FinTech</span></a> <a href="https://mas.to/tags/FinServ" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FinServ</span></a> <a href="https://mas.to/tags/Banking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Banking</span></a></p>
Caroline<p><span class="h-card" translate="no"><a href="https://chaos.social/@hexmasteen" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>hexmasteen</span></a></span> Once upon a time, the <a href="https://hessen.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FIDO2</span></a> standard was designed to support the requirements imposed on payment authentication by the <a href="https://hessen.social/tags/psd2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>psd2</span></a> in Europe. No browser ever implemented the corresponding extension (txAuth*), so it has been dropped from the resp. standard <a href="https://hessen.social/tags/WebAuthn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebAuthn</span></a>. So with <a href="https://hessen.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FIDO2</span></a> / <a href="https://hessen.social/tags/passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkeys</span></a> you'll not be able to securely transmit transaction data to the <a href="https://hessen.social/tags/authenticator" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authenticator</span></a>, which is a requirement in <a href="https://hessen.social/tags/psd2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>psd2</span></a> (Art. 5, secure visualization). <a href="https://hessen.social/tags/banking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>banking</span></a> <a href="https://hessen.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://hessen.social/tags/2fa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2fa</span></a></p>
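Added example, not part of the original post: a small model of the PSD2 requirement the post refers to, where the authentication code is bound to the amount and payee that the authenticator shows to the payer, compared with an authenticator that only answers a server challenge. HMAC with a shared key stands in for the authenticator's signature as an assumption, and the function names, key and IBAN-like payee values are constructed.

```python
import hashlib
import hmac
import secrets


def encode_tx(amount_cents, currency, payee):
    """Length-prefixed encoding so that field boundaries cannot be shifted."""
    parts = [str(amount_cents), currency, payee.replace(" ", "").upper()]
    return b"".join(len(p).to_bytes(2, "big") + p.encode() for p in parts)


def approve_challenge_only(key, challenge):
    """Authenticator that never sees the transaction, only the challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def approve_linked(key, challenge, amount_cents, currency, payee):
    """Authenticator that displays the transaction and binds the code to it."""
    shown = f"Pay {amount_cents / 100:.2f} {currency} to {payee}"
    msg = challenge + encode_tx(amount_cents, currency, payee)
    return shown, hmac.new(key, msg, hashlib.sha256).digest()


def bank_verify_challenge_only(key, challenge, code):
    """The bank can only check that the challenge was answered."""
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(code, expected)


def bank_verify_linked(key, challenge, tx_to_execute, code):
    """The bank recomputes the code over the transaction it would execute."""
    msg = challenge + encode_tx(*tx_to_execute)
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    return hmac.compare_digest(code, expected)


def run_scenario():
    """The payer approves one transaction; the bank receives another."""
    key = secrets.token_bytes(32)         # constructed shared secret
    challenge = secrets.token_bytes(16)   # fresh per authentication
    approved = (12500, "EUR", "DE00EXAMPLE0001")   # constructed payee
    received = (12500, "EUR", "DE00EXAMPLE0002")   # differs from approval

    plain_code = approve_challenge_only(key, challenge)
    shown, linked_code = approve_linked(key, challenge, *approved)

    return {
        "shown_to_payer": shown,
        # No transaction data in the code: the changed payee goes unnoticed.
        "challenge_only_accepts_changed_tx":
            bank_verify_challenge_only(key, challenge, plain_code),
        # Dynamic linking: the code is only valid for what was displayed.
        "linked_accepts_approved_tx":
            bank_verify_linked(key, challenge, approved, linked_code),
        "linked_accepts_changed_tx":
            bank_verify_linked(key, challenge, received, linked_code),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```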