I did think a bit more about formulating a concrete final request to mitigate the risks that I am worried about. Security is about balancing risk with convenience, so there should be a free choice of which measures to select. For me the risk with the bunq app is that there are no limitations on the amounts being transferred. Any limits can be changed immediately using the phone app. This makes you very vulnerable, because in theory a “bad” person has immediate access to all your bunq funds and to all funds on the accounts from which you top up using another app (e.g. ING) on the same phone.
Risk: being forced to transfer money to another account.
Measure 1: Ability to set up a permanent additional security step for transfers above a value of x. Changing the security step has a waiting time of x days. The additional security step is scanning a selected ID (passport, ID card, driver's license). All IDs must be uploaded to bunq upfront so they can be matched. You can immediately switch which ID is required, based on the circumstances. E.g. in the Netherlands I would select my passport because normally that is at my home. Abroad I would select my driver's license if I have not rented a car, or my ID card when I have my passport with me and not my ID card. Choose the ID that you do not carry with you. Switching to another ID requires the currently selected ID to be scanned.
Measure 2: Have a trusted bunqer (not the person traveling with you) give an additional approval. To give an approval you have to phone the trusted bunqer and give a code. Or, as below, you have to phone 2 bunqers who take independent action before the payment goes through.
Measure 3: Optionally, in combination with measure 2, the ability to set up an enforced waiting time of x days for payments/transfers above value x to a new/unknown account number that has not been used before. Changing the waiting time is itself subject to the enforced waiting time before it is activated and cannot be overruled in any way by phone. While transfers/payments are within the waiting period and the account is temporarily blocked (see the procedure below), these payments are kept on hold.
In general for the above use case, assume the forceful person is also looking at the phone screen, so messages from the app must be distracting and must not trigger aggression. E.g. a message like "For final payment phone your trusted bunqer" is to be avoided. Better to have a message like "Payment is in the queue subject to security review".
Risk: Stolen debit card where the PIN code might have been “shoulder surfed”, or any other reason to worry about misuse of cards and/or accounts when you no longer have access to the bunq app.
Measure 1: Set up (max.) 4+ trusted bunqers whom you can call by phone and who, after exchanging a security token (a code or something else smart developed by bunq), can immediately and temporarily block your account. If you do not want to use a code, you could also design it such that e.g. you have to phone 2 out of the 4+ trusted bunqers, who need to take independent action to activate the temporary block.
Measure 2: Call a phone line managed by bunq and go through a procedure, e.g. with a code or some security questions, that will result in temporarily blocking your account and debit cards.
Unblocking requires you to install the app and go through a number of security steps.
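To make the hold-and-block logic above concrete, here is an added example of how such a policy engine could be modelled. It is not bunq's code and not part of the original post; the class and method names, the sample thresholds, the 2-out-of-N quorum and the "app verification" flag are all assumptions. It combines Measure 3 (a waiting time for large payments to unknown payees, with rule changes that only take effect after the current waiting time) with the trusted-bunqer block from Measure 1 under the stolen-card risk, and it uses the neutral queue message the post recommends.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Set, Tuple

# Neutral message shown on the phone screen (and to anyone looking over
# the holder's shoulder); wording taken from the post above.
QUEUED_MSG = "Payment is in the queue subject to security review"


@dataclass
class Transfer:
    amount: float
    payee: str          # counterparty account number (constructed sample values)
    submitted: datetime


@dataclass
class AccountPolicy:
    """Hypothetical policy engine; an illustration, not bunq's implementation."""
    hold_threshold: float             # amount above which payments to new payees are held
    hold_days: int                    # enforced waiting time before release
    trusted_contacts: frozenset       # bunqers allowed to request a temporary block
    block_quorum: int = 2             # independent contacts needed to activate the block
    known_payees: Set[str] = field(default_factory=set)
    held: List[Transfer] = field(default_factory=list)
    blocked: bool = False
    block_votes: Set[str] = field(default_factory=set)
    # (effective_at, new_threshold, new_hold_days): a rule change only takes
    # effect after the *current* waiting time has elapsed, so it cannot be
    # shortcut from the phone.
    pending_change: Optional[Tuple[datetime, float, int]] = None

    def request_change(self, now: datetime, new_threshold: float, new_days: int) -> datetime:
        """Schedule a rule change; returns when it becomes effective."""
        effective = now + timedelta(days=self.hold_days)
        self.pending_change = (effective, new_threshold, new_days)
        return effective

    def _apply_pending(self, now: datetime) -> None:
        if self.pending_change and now >= self.pending_change[0]:
            _, self.hold_threshold, self.hold_days = self.pending_change
            self.pending_change = None

    def submit(self, transfer: Transfer, now: datetime) -> str:
        """Release a payment immediately, or queue it and return the neutral message."""
        self._apply_pending(now)
        if self.blocked:
            self.held.append(transfer)
            return QUEUED_MSG
        if transfer.amount > self.hold_threshold and transfer.payee not in self.known_payees:
            self.held.append(transfer)
            return QUEUED_MSG
        self.known_payees.add(transfer.payee)
        return "released"

    def release_due(self, now: datetime) -> List[Transfer]:
        """Release held payments whose waiting time has passed, unless the account is blocked."""
        self._apply_pending(now)
        if self.blocked:
            return []          # a temporary block keeps everything on hold
        due = [t for t in self.held if now >= t.submitted + timedelta(days=self.hold_days)]
        for t in due:
            self.held.remove(t)
            self.known_payees.add(t.payee)
        return due

    def vote_block(self, contact: str) -> bool:
        """A trusted bunqer requests a block; True once the quorum is reached."""
        if contact not in self.trusted_contacts:
            return False
        self.block_votes.add(contact)
        if len(self.block_votes) >= self.block_quorum:
            self.blocked = True
        return self.blocked

    def unblock(self, app_verification_passed: bool) -> bool:
        """Unblocking only succeeds after the in-app security steps; votes are reset."""
        if not app_verification_passed:
            return False
        self.blocked = False
        self.block_votes.clear()
        return True
```

The two points worth noticing are that `request_change` delays its own effect by the waiting time that is currently in force, and that `release_due` returns nothing while the account is blocked, so a payment caught inside its waiting period stays held for as long as the block lasts.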
Probably not perfect yet, but in my opinion a good start to start thinking about giving more choice in raising security when you feel it is required.