This is the case as I read it a few hours ago; it also strengthens my case against banking apps. You see, the BBC (at https://www.bbc.com/news/business-64240140) gives us ‘Mobile phone fraud: ‘They stole £22,500 using my banking app’’ and we get “A pickpocket took Jacopo de Simone’s mobile phone and used his banking apps to steal £22,500”. In this case I have a few questions. You see, when I have my phone on me it is ALWAYS locked. A locked phone can still accept phone calls. So as I see “He said his bank investigated but found him liable for the losses so he is still fighting to get the money back.” To be honest, I cannot completely disagree; I also agree with “banks need to do more to tackle it, according to charity the Fraud Advisory Panel”, which becomes the issue. I always thought of a separate app that is NOT next to the app for certain bank activities, and that app needs to receive a code within 30 minutes. And when the app receives three (my magic number) wrong codes, the app is blocked from that person until he goes to one of his bank’s branches, where they can unlock and reset the app. Everyone is always nagging about simplicity of usage. Well, if you are willing to surrender £22,500 for that convenience you are welcome to proceed, but somehow I feel certain that it is not worth that much money. So when I see “Criminals are stealing mobiles not for the device but to try to access finance apps to steal thousands of pounds, the Fraud Advisory Panel said” I feel a little happy, as I keep zero financial apps on my mobile. I never ever trusted those, and the Optus and Telstra issues we had in the last year merely strengthen my resolve on that issue.
As such, when I see “Mr de Simone fell victim to the crime while walking around London Bridge in May 2022 when his phone was pickpocketed” the question comes back: “How the hell did they unlock his phone?” Then there is “Use different pin numbers for unlocking your phone and opening banking apps” as well as “Don’t store passwords or pin numbers on your phone”. In this case I never put pin numbers there, and I do keep some passwords, but they are encrypted and my skill of half a dozen languages helped here, and if these people can decipher those codes, good luck. The password for my discontinued UTS password is all yours. But there is another setting, like Google allowing for encrypted notes, encrypted via a number. I am a little surprised that they did not cover that after a decade (well, they dropped the ball on a few other matters too; one of those cost them 50 million subscribers). So there is always space to improve things. But when I look at the case of Jacopo de Simone, I at present will side with the bank. Parts do not make sense, but the issue of improving security on banking apps remains; more needs to be done and a separate app makes sense. It reminds me of a solution 30 years ago that the insurance agent Aegon had. They called it Aegon LAR. The app contacted the server that agent X needed contact, and within 60 seconds the server contacted the agent. As such all the security was on the server side and triggering a hack would not work from a remote location; it contacted the router on a specified number and there were security protocols in place, so you had to be there, you needed the codes and any deviation would stop activities. Simple and decently safe. How come we let all that slide for simplicity and ease of use?
It never made sense to me and I do not need a banking app for a few reasons and my distrust of security levels on a few levels makes me avoid ALL banking apps. It is just how I am wired, nothing personal, it is the application of Common Cyber Sense.
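The lockout rule proposed above (a code that must arrive within 30 minutes, and three wrong codes blocking the app until a bank branch resets it) can be written as server-side state for one customer. This is an added example, not code from this post or from any bank; the class and method names, the six-digit code format, and clearing the wrong-code count after a successful approval are assumptions.

```python
import hmac
import secrets

CODE_TTL_SECONDS = 30 * 60  # the code must be received within 30 minutes
MAX_WRONG_CODES = 3         # the third wrong code blocks the app


class ApprovalApp:
    """Hypothetical server-side record for one customer's separate approval app."""

    def __init__(self):
        self.wrong_codes = 0
        self.blocked = False
        self._pending = None  # (code, issued_at in seconds)

    def issue_code(self, now):
        if self.blocked:
            raise PermissionError("app blocked; branch reset required")
        code = f"{secrets.randbelow(10**6):06d}"  # assumed six-digit format
        self._pending = (code, now)
        return code

    def submit_code(self, submitted, now):
        if self.blocked:
            return "blocked"  # even the right code is refused once blocked
        if self._pending is None:
            return "no_pending_code"
        code, issued_at = self._pending
        if now - issued_at > CODE_TTL_SECONDS:
            self._pending = None  # expiry is not counted as a wrong code
            return "expired"
        # Constant-time comparison so timing does not leak matching digits.
        if hmac.compare_digest(submitted.encode(), code.encode()):
            self._pending = None
            self.wrong_codes = 0  # assumption: success clears the count
            return "approved"
        self.wrong_codes += 1
        if self.wrong_codes >= MAX_WRONG_CODES:
            self.blocked = True
            self._pending = None
            return "blocked"
        return "wrong_code"

    def branch_reset(self, staff_verified_identity):
        """Only path out of the blocked state: an in-person check at a branch."""
        if not staff_verified_identity:
            return False
        self.blocked, self.wrong_codes, self._pending = False, 0, None
        return True
```

The blocked flag lives with the bank rather than on the handset, so reinstalling the app or swapping the phone does not clear it.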