Hello everyone,

This is a rant. Don't say I didn't warn you :). It's about EU Directive 2015/2366. This directive has been there for a while now, obviously. Yet it was only at the end of last December that it first came to my attention.
My bank notified me that, starting January 1st, I would only be able to make online purchases by confirming them in their smartphone app. They've given me *mere days* notice for something that had been cooking for 5 years. I've been without a fully functional credit card ever since.

If you read the Directive, there is relevant material in articles 97(1) and 4(30) which require "strong authentication" with at least two factors. Not bad, I'd say. Except _all_ banks in my country of residence decided the second factor *must* be a smartphone and nothing else will do. I checked, I wrote to all of them. Oh, there is one that still offers a card reader, but when you try to open an account with them, it turns out they want you to install an app to do so, and that the card reader is being phased out. I think this may have to do with the processes that Visa and Mastercard put into place; it may well be that banks don't really have a choice in the matter, but I can only guess.

The problem is that you need an Apple or Google phone, you need an account with either company, and there's no way around that. I was especially angry because this came at a time when most physical stores (except for groceries) were closed here; ordering online was not a luxury, but a necessity, and I was left (almost) without the ability to do so.

There is a *single* bank that answered my query with some good news: their Android app doesn't require a Google account! You can actually download an APK from their web site, without going through the Play Store. Needless to say, I opened an account with them. I had to "augment" my Google-less LineageOS phone with microG because even their app relies on push notifications (which go through Google servers), but I was willing to make the compromise. Except ... confirming online payments doesn't really work. It turns out that the purpose behind supporting phones without Play Store is to support Huawei phones, no more, no less.

So I tried the N26 bank which many of you probably know. I know people who use their app successfully on LineageOS+microG. But it turned out that the identity verification process fails on my phone, so I can't open an account.

There are many reasons why I find the situation completely unacceptable, but let me just point out one. I find it incredible that an institution like a bank would require me, as their customer, to enter a relationship with some particular third party in order to use what is nowadays a basic service of the bank. And I mean *any* third party; that the required parties here are Google and Apple is merely the icing on the cake.

Let me be clear: banks have other companies as contractors, they might as well outsource some stuff to Google. I don't care. I just don't want to enter a relationship with Google *myself* because that relationship is not subject to the same contracts and regulations as the relationship between a bank and its contractors.

Let me finish this, before it gets too long, with two questions. First, am I the only one who was caught unawares by this situation? I mean, I admit that I don't read *every* single Free Software related piece of news, there's too much going on in our community for that. But I fancy myself far from clueless in these matters. Perhaps that's why it hurts more that I first heard about this not from some Free Software blog, but from my bank, and when it was already too late.

Second, does anyone know a bank that is usable with Free Software only and will serve international customers? N26 was my last hope. Well, not *quite* my last hope, I still hope to be able to fix microG so that these apps would work. That's what we Free Software developers do, right? Scratch our itches? It's just that I'm not an Android developer, and debugging an app that is not your own is not something this system was designed for, I think.
Also, I'd rather vote with my wallet and support a bank that actually supports Free Software (if there is such a thing) than hack proprietary apps that are (in the name of security) actively hostile to such attempts.

Thanks for reading this far!

Jure