Your banks don’t have websites and apps in Belgium?
this post was submitted on 04 Nov 2023
30 points (96.9% liked)
No Stupid Questions
35309 readers
893 users here now
No such thing. Ask away!
!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Rules (interactive)
Rule 1- All posts must be legitimate questions. All post titles must include a question.
All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.
Rule 2- Your question subject cannot be illegal or NSFW material.
Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.
Rule 3- Do not seek mental, medical and professional help here.
Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.
Rule 4- No self promotion or upvote-farming of any kind.
That's it.
Rule 5- No baiting or sealioning or promoting an agenda.
Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.
Rule 6- Regarding META posts and joke questions.
Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.
On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.
If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.
Rule 7- You can't intentionally annoy, mock, or harass other members.
If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.
Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.
Rule 8- All comments should try to stay relevant to their parent content.
Rule 9- Reposts from other platforms are not allowed.
Let everyone have their own content.
Rule 10- Majority of bots aren't allowed to participate here.
Credits
Our breathtaking icon was bestowed upon us by @Cevilia!
The greatest banner of all time: by @TheOneWithTheHair!
founded 1 year ago
MODERATORS
Banks are gradually removing features from their websites in a progression toward complete elimination of the website. Some banks have already taken that step. They impose an app whilst also closing their over-the-counter service.
Unlike the US, 1-factor authentication by banks is illegal in Belgium. So for web access banks typically hand out devices for 2FA. Some banks avoid that cost by imposing a smartphone app in lieu of a card reader or RSA token (BYO smartphone).
There are many problems with bank apps in Belgium:
- You must buy smartphone hardware (the apps detect when they are executed inside a virtual machine & deny service [tested with Ing’s app])
- You must patronize a surveillance capitalist (create a Google or Apple account)
2.1. You must subscribe to mobile phone service in order to satisfy Google’s unreasonable demand for a mobile phone number as a precondition to obtaining an account
2.2. You must trust Google with your mobile phone number, IMEI number, and inventory of apps & versions you download (thus a reconnaissance risk)
2.3. When Google records your place of banking, you must trust Google not to share that info (with debt collectors, for example) - All bank apps in Belgium are closed-source, so you must trust the apps not to carry spyware and to work in your interests
3.1. The bank’s privacy policies are written to allow your realtime location to be tracked via the app. - You must chronically upgrade your hardware every few years because the bank apps are upgraded with reckless disregard to the lockstep-coupling of hardware to software on all phone platforms that are supported by Belgian banks. You cannot run a VM to prevent irresponsible electronic waste (see point 1)
The #GDPR possibly (and only symbolically¹) protects from some of that, such as Google sharing your place of banking with debt collectors. But the GDPR does not prevent criminal exfiltration of data that cavalier consumers trustingly agree to the collection of.
Footnotes:
- I say “symbolically” because consumers only have two pathways for remedy under the GDPR: article 77 & direct lawsuit. Article 77 has no teeth. When the DPA ignores/mothballs an art.77 complaint, there is no mechanism for action against the DPA. So DPAs are largely neglecting to treat art.77 reports. That leaves direct lawsuits. The EU has decided that GDPR plaintiffs are not entitled to compensation for legal fees. So that kills that option. You can get a symbolic win in court but you still lose because lawsuits are costly and the damages you can prove are negligable. So the GDPR boils down to an honor system.
I say this with the best intentions, and you have every right to take all these things into consideration, but you're sounding very paranoid. I think your best option would be to immediately withdraw any funds you receive and keep a completely paper administration.
It’s more about ethics than security. I’m an ethical consumer, which means I will not patronize unethical companies. Feeding data to Google is as good as feeding money to Google. Google is part of the fossil fuel industry (they are in partnership with Totaal oil and use AI to help Totaal find places to drill for oil). My objection to Google collecting data on me is less about cyberattack and more about not supporting a harmful force in the world.
I’m also ethically opposed closed-source software because I think it misplaces power. The worst kind of misplacement of power is to give it to tech giants who abuse their power and use it against consumers.
I’m also ethically opposed to software designs that make phones disposable and force the disposal of perfectly good hardware. I’ll buy a smartphone after that problem is fixed. #RightToRepair is still insufficient. There needs to be a rule that the moment a phone maker decides to stop supporting a device, they must do whatever necessary to ensure the platform (kernel + drivers + gui) are FOSS at that point of dropped support. I’ll wait for it. I can hold out as long as needed.
W.r.t. paranoia, street wise people and those with some infosec background always seem “paranoid” to normal people. And to us, normal people are cavalier because they needlessly share information without applying the rule of least privilege. Privilege should only be granted on an as-needed basis and that includes access to information. It’s unreasonable for banks to snoop on people arbitrarily without a warrant. It’s not just that the banks abuse the info, but the overcollection exposes everyone to exfiltration by criminals. That’s not fiction - it has happened. (Captial One via Amazon contractor, Equifax, several other banks including a bank breach I recently detected but have not reported yet). I have already been the victim of multiple data breaches even with some diligence to not be completely reckless.
Trusting banks with sensitive info is the least of the problems I describe & possibly not a show-stopper in itself. But taking everything together I remain baffled at the zombie masses endorsing & supporting all of it. A basic information security class should perhaps become part of the mandatory secondary school cirriculums at this point.
My man.. You are not getting around the tracking. It's never going to happen. Unless you literally toss everything with a network connection and disconnect from the electric, gas, and water grids, you are going to be tracked.
You are not getting around the tracking. It’s never going to happen.
I do. I only access banks electronically if they accommodate Tor. The bank only gets to know my physical location when I do a transaction where that’s unavoidable. Even if I were to carry a mobile phone on standby wherever I go, the bank would get nothing from it if I don’t run their app.
I only access banks electronically if they accommodate Tor.
So they know when you logged in and what you did when you got there. So you can't escape it there.
The bank only gets to know my physical location when I do a transaction where that’s unavoidable.
So you can't escape this either.
Even if I were to carry a mobile phone on standby wherever I go, the bank would get nothing from it if I don’t run their app.
They would get nothing except the time, location, amount, business, and how that relates to the other purchases you make and all the data those transactions generate as well. That data is shared with the bank, Visa or MasterCard, and all credit reporting agencies. This is unavoidable too.
You are not getting out of this unless you allow it to seriously affect your life.
I figured you were trolling but gave you the benefit of the doubt right up until you mentioned “all credit reporting agencies”, in Belgium. There are no credit bureaus in Belgium, only a central bank which (unlike US credit bureaus) is public sector and not interested in grabbing data for profit, or in obtaining any data it’s not legally required to obtain.
Nice try though.
But FYI, your assumption would be wrong even in the US as well. Request your credit report from whichever credit bureau you believe is buying location data from your mobile phone provider. Notice the realtime location data is not on that report. Then go to your local small claims court and spend ~$100 to open a lawsuit against them for $1k (+~100 in court costs). Bring to court proof that they acquired your realtime CDMA/GSM location data, a copy of your credit report showing it’s not there, and a copy of the federal law requiring that consumer credit reports are complete when sent to the subject of the report (yourself). It might be the easiest $1k you’ve earned. You don’t have to prove actual damages either because the statute specifies $1k per violation. If you can catch all three credit bureaus doing what you claim, that’s an easy $3k. You can even hit all 3 in one case. Good luck!
BTW, I don’t put much stock into what you’re saying at this point but I am curious about the claim that phone providers are sharing sensitive personal info with Visa and Mastercard. Cardholders are just a number to visa & mc. Visa & MC do not even typically know the names of card holders. Exceptionally, if you buy airfare using a credit card, then the airline reveals the name of the passenger to the credit card company. Though to store that name as the account holder is ad hoc because they would have to make the assumption that the passenger and the buyer are the same person.
Hello,
You'll probably get better answers on [email protected] or [email protected]
Which bank is yours?
I know Belfius still has a few ATMs inside the building, they do show your balance. During the day you can enter without swiping your card, but after certain hours you have to your card to get in.
Also, they have the banking app so you can always check your balance and do payments as long as you have a debit or credit card. Unless you have a special expenses card when in debt collection I think.
That's unexpected.
I've never thought about it before. In the UK getting your balance is on every ATM. The ATMs are all different makes and models, interfaces, OSes, different banks, etc. the only thing I can think of that is the same is they are all connected to LINK - maybe they have set standards for what they should all have/have not?
Anti-feature: you must enter your PIN before it shows you the menu. Does that mean it connects to my bank even in the absense of a transaction?
This is the same in the UK. They request your PIN immediately after putting in your card (althogh I think if you use a credit card it will prompt for your language first), but it doesn't use it until it needs to connect to your bank (I know this after knowingly mistakenly putting in my PIN, then attempting to get my balance or something and then the card is ejected and the message about incorrect PIN appears).
I think in the UK each bank enquiry results in the ATM operator getting paid. So they ask you like three times if you want to see your balance because they get money for that as well as just the cash dispensing.
As far as I know, European banks never give you the option for balance inquiry. ATMs in e.g. Asia may give the option but it won't work with a European bank card.
Dutch ATMs give a balance.
Not with my ING account
oh, that’s interesting. I wonder if card-issuing banks are blocking balance inquiries even if ATMs offer it. I don’t think I saw Ing ATMs in Netherlands, only the conglomerate they are partnered with (geldmaat). The Geldmaat ATMs print “credit limit” on the receipt.
Is there no number on your card you can call and get your balance using an automated system?
No. There are a couple unpublished phone numbers but they’re a disaster. I’ve not encountered a Belgian bank that gives automated account info over the phone. Last time I called I think it was just a greeting saying “contact us through the app or email” or something like that, IIRC.
I've never seen a check balance option ever when not using my own banks ATM over here. ING does still have ATM's in a few places, KBC and Belfius definitely do as well. Also you forgot Argenta and Bpost which has them as well. Honestly don't think you'll be able to perform a balance check on any of them.