Any bank should have 2FA per each payment except some trusted platforms.
Exactly. I've had 2FA on banking for 20 years. However, it has certain contextual details:
- 20 years ago it was https e-banking with a physical token - my bank issued those mini-calculator-like OTP tokens, some other banks had a fixed OTP table card issued to users. Considering that the electronic token had battery issues, and when the battery runs out a new one needs to be provisioned (going to the bank in person), the WW2 table-card approach seemed like a really nice choice.
- 10 years ago it was Android/iPhone m-banking for private persons and e-banking for businesses.
- Some years ago they shut off e-banking, everyone goes to m-banking.
Now the current state is very important because the bank itself shut down 2FA+web access for a unified, PIN-protected mobile application. There is no 2FA, the PIN decrypts the user certificate bundle. In the case of a hack that could've been prevented by 2FA - such as a mobile platform 0day or bank app 0day, the bank gets all the blame.
However, the context is important:
- A physical token can be hacked. The smartcard chip in it doesn't need to be; an RF transmitter can be put on its output.
- The computer or browser running web e-banking can be infected, regardless of 2FA token
- Having a 2nd mobile 2FA brings little added functionality - the second mobile can also be hacked
- Enterprises all over the world are supporting store-downloaded 2FA apps for both Apple and Android, meaning they already deem the rootless smartphone as secure enough
- The "security level" will also increase over time as the corporate grasp on the users tightens. It will be expected that the user has an HSM chip inside a walled-garden smart device, and that applications will run on it. Ofc this has wide negative consequences on the "IT life" but it will further raise the security of the average device against a random hack group.
Go to the bank to do your banking perhaps?
Although I have two bank offices within a 10-minute walk, there are many, many better things to do.
I get about 5 utility bills each month, those are all city/county/state offices or enterprises.
There are many old people, pensioners in this country. The bank offices, and the kiosks on the streets that you can pay your bills in, they are for them. They don't mind chatting up the worker, they don't mind sitting for 20 minutes in air conditioned space.
It takes 1 minute to process a bill for me, from the moment I take it from the post box. Open the envelope, check the numbers, shoot it via camera inside mobile app, paid in 3 taps, write down on the bill the date of payment and slip it into the archive.
There is no old 'bill gathering' phase where you wait for every utility to arrive, and then take a bunch of bills to the bank. Bills do not have a place in my life.
It would realistically take about 30 to 45 minutes round trip to deal with anything at a bank.
It is almost 40 degrees out here with 50 real feel due to moisture.
Give me one hour and I can get to the beach and back with 30 minutes in the sea, slowly, no pressure...
There is no worse chore than having to waste time on someone else's admin. Even if I lived in the middle of nowhere, I would rather waste time browsing store shelves for discounts than sit at a bank or any other office waiting for my number to pop up.