Online transactions require a second factor which displays the actual amount to be transferred. This works by either an app which receives the transaction data (recipient, how much) over the network, or a device which takes the bank card and is used to scan something similar to a qr code. The device then displays the transaction data.
This makes sure a fraudulent site can’t easily change the amount or the recipient of a transaction, even if they somehow made an identical website (or close enough).
For remote transactions (e.g. online payments), the security requirements go even further, requiring a dynamic link to the amount of the transaction and the account of the payee, to further protect the user by minimising the risks in case of mistakes or fraudulent attacks.
I guess I don’t know what you mean by “authenticating transactions”.
Online transactions require a second factor which displays the actual amount to be transferred. This works by either an app which receives the transaction data (recipient, how much) over the network, or a device which takes the bank card and is used to scan something similar to a qr code. The device then displays the transaction data.
This makes sure a fraudulent site can’t easily change the amount or the recipient of a transaction, even if they somehow made an identical website (or close enough).
https://www.ecb.europa.eu/press/intro/mip-online/2018/html/1803_revisedpsd.en.html
It’s not perfect, especially with people using a banking app and the second factor app on the same device for convenience sake.
Interesting. If they do that in the US some day, I would absolutely much rather buy that device than unroot my phone.