Comment by Wowfunhappy

Comment by Wowfunhappy 10 hours ago

3 replies

View on Hacker News

Why does most fraud come from locked down mobile devices and not open Windows/Linux PCs?

If it's true that 90% of fraud comes from mobile despite all of the restrictions, what that tells me is that locking down devices doesn't actually prevent fraud.

---

> before we even get into the mobile app having features the desktop one does not (P2P payments, check deposit, etc.)

I think it would be reasonable to disable those specific features on mobile while leaving the rest of the app accessible.

Actually, back when jailbreaking iOS was still actually feasible, I recall the Chase app doing exactly that. The app worked fine, but it wouldn't let me deposit checks, I had to go to a branch for that. A bit annoying, but I can mostly understand that one.

bri3d 9 hours ago

> If it's true that 90% of fraud comes from mobile despite all of the restrictions

Statistics on mobile vs. desktop banking will really shock you; the mobile usage penetration is easily well upwards of 90% in many markets. There's also a skewed distribution for fraud-vulnerable users and scenarios.

> I think it would be reasonable to disable those specific features on mobile while leaving the rest of the app accessible.

I agree with you in an idealist sense; it would be awesome to be able to use GrapheneOS and have 80% app functionality instead of 0% app functionality. I also completely understand why nobody does it; supporting what's probably <0.001 (if not lower)% of legitimate users in exchange for development time and fraud risk isn't a particularly appealing tradeoff. If I were in a situation to advocate for such a trade-off, I probably would, but I don't think it's evidence of a sinister conspiracy that nobody does that.

Reply View 2 replies
  • Wowfunhappy 8 hours ago

    > Statistics on mobile vs. desktop banking will really shock you; the mobile usage penetration is easily well upwards of 90% in many markets. There's also a skewed distribution for fraud-vulnerable users and scenarios.

    But if my goal was to commit fraud, wouldn't I go to wherever it was easiest to commit fraud? The actual market penetration of each platform shouldn't matter.

    Reply View 1 reply
    • dsymonds 8 hours ago

      It's usually done in bulk, so the overall payoff is the combination of value and number of targets, but the effort is typically sublinear with the targets. Something easier to attack but relatively low in number is not as juicy as something a bit harder (where the effort is mostly a one-off up-front rather than per target) but having many, many more targets.

      Reply View 0 replies