Don't bank online

Started by rcjordan, March 04, 2019, 12:39:34 AM


rcjordan


rcjordan

Britain is the world capital of bank fraud

"enabled partially by Britain's instant electronic transfers"

https://boingboing.net/2021/10/14/britain-is-the-world-capital-of-bank-fraud.html

rcjordan

New wrinkle:

Fraud: 'I had £18,000 stolen after my drink was spiked' - BBC News
https://www.bbc.com/news/business-59494524

BoL

>Fraud: 'I had £18,000 stolen after my drink was spiked' - BBC News

Had me wondering how it was done. For me, there's a pass phrase in the app where you enter 3 characters of it. 3 incorrect entries and you're locked out. Guess the banks in question don't have that protection.

With that out the way, the rest sounds trivial.

ergophobe

Hypothesis: His apps are using Touch ID or Face ID, no code required. Since he's drugged, the criminals have access to both. That's both how they get into the phone and into the accounts. iPhones only require reauth with the code if the system has rebooted or the cookie (or whatever it is in the app world) has expired.

Makes one think about the issue with having a single system for both opening the phone and opening a financial app. If you're drugged, it effectively circumvents any 2FA. Pause for thought.

rcjordan

>Hypothesis

Debbie says 'Bingo!'  His biometrics could still be available.

This thread also relates to the recent craptop thread and why my devices that leave the house are loaded with select sites and bookmarks.  I also switch browsers on those devices so there won't be any possibility of syncing.

Brad

I do no banking online. No NFC payments either.

I don't use biometric access, just old-fashioned PIN. Plus I have not been in a bar or party drinking since pre-COVID.

Travoli

>Hypothesis

Yes.

Old: Drug them and harvest organs.
New: Drug them and steal crypto.

rcjordan


ergophobe

>>Don't bank online

I would gloss that last one as "Don't date a con artist."

rcjordan


rcjordan

Plaid is the 3rd-party engine behind a lot of online fintech.

Plaid is an evil nightmare product from Security Hell
https://drewdevault.com/2022/02/19/Plaid-is-an-evil-nightmare-product.html

rcjordan


rcjordan

US financial institutions reported nearly $1.2 billion on likely ransomware-related payments last year, most commonly in response to breaches originating with Russian criminal groups, according to the Treasury Department. - Bloomberg

https://www.bloomberg.com/news/articles/2022-11-01/us-banks-spent-1-billion-on-ransomware-payments-in-2021-treasury-says

rcjordan

Mobile phone fraud: 'They stole £22,500 using my banking app' - BBC News

https://www.bbc.co.uk/news/business-64240140