ATMs I’ve checked:

BNP Paribas: no balance inquiry option. Nor did it print the balance on the receipt.

Attijariwafa: no balance inquiry option. Both ATMs are always out of paper, so no way to check whether the balance would be printed on the receipt. Anti-feature: you must enter your PIN before it shows you the menu. Does that mean it connects to my bank even in the absense of a transaction?

Ing: no longer has ATMs?
KBC: no longer has ATMs?
#Belfius: no longer has ATMs? (answered)
Aion: only has 1 ATM (unplugged & vandalized)
Europabank: has no ATMs?
DHB bank: has no ATMs?
Fintro: ATM is the same as BNP Parabas?
BBVA: do they still exist?
Bank of Baroda: has no ATMs?
Beobank: didn’t check if they have any ATMs
Keytrade: likely has no ATMs
BinckBank: likely has no ATMs

Batopin (3rd party w/Ing & KBC): no balance inquiry option.

This website claims to give a way to check your balance, but I’m not so trusting:

https://www.getmybalance.com/

  • ciferecaNinjo@fedia.ioOP
    link
    fedilink
    arrow-up
    10
    ·
    edit-2
    1 year ago

    Banks are gradually removing features from their websites in a progression toward complete elimination of the website. Some banks have already taken that step. They impose an app whilst also closing their over-the-counter service.

    Unlike the US, 1-factor authentication by banks is illegal in Belgium. So for web access banks typically hand out devices for 2FA. Some banks avoid that cost by imposing a smartphone app in lieu of a card reader or RSA token (BYO smartphone).

    There are many problems with bank apps in Belgium:

    1. You must buy smartphone hardware (the apps detect when they are executed inside a virtual machine & deny service [tested with Ing’s app])
    2. You must patronize a surveillance capitalist (create a Google or Apple account)
      2.1. You must subscribe to mobile phone service in order to satisfy Google’s unreasonable demand for a mobile phone number as a precondition to obtaining an account
      2.2. You must trust Google with your mobile phone number, IMEI number, and inventory of apps & versions you download (thus a reconnaissance risk)
      2.3. When Google records your place of banking, you must trust Google not to share that info (with debt collectors, for example)
    3. All bank apps in Belgium are closed-source, so you must trust the apps not to carry spyware and to work in your interests
      3.1. The bank’s privacy policies are written to allow your realtime location to be tracked via the app.
    4. You must chronically upgrade your hardware every few years because the bank apps are upgraded with reckless disregard to the lockstep-coupling of hardware to software on all phone platforms that are supported by Belgian banks. You cannot run a VM to prevent irresponsible electronic waste (see point 1)

    The #GDPR possibly (and only symbolically¹) protects from some of that, such as Google sharing your place of banking with debt collectors. But the GDPR does not prevent criminal exfiltration of data that cavalier consumers trustingly agree to the collection of.

    Footnotes:

    1. I say “symbolically” because consumers only have two pathways for remedy under the GDPR: article 77 & direct lawsuit. Article 77 has no teeth. When the DPA ignores/mothballs an art.77 complaint, there is no mechanism for action against the DPA. So DPAs are largely neglecting to treat art.77 reports. That leaves direct lawsuits. The EU has decided that GDPR plaintiffs are not entitled to compensation for legal fees. So that kills that option. You can get a symbolic win in court but you still lose because lawsuits are costly and the damages you can prove are negligable. So the GDPR boils down to an honor system.
    • Thavron@lemmy.ca
      link
      fedilink
      arrow-up
      11
      arrow-down
      1
      ·
      1 year ago

      I say this with the best intentions, and you have every right to take all these things into consideration, but you’re sounding very paranoid. I think your best option would be to immediately withdraw any funds you receive and keep a completely paper administration.

      • ciferecaNinjo@fedia.ioOP
        link
        fedilink
        arrow-up
        4
        ·
        edit-2
        1 year ago

        It’s more about ethics than security. I’m an ethical consumer, which means I will not patronize unethical companies. Feeding data to Google is as good as feeding money to Google. Google is part of the fossil fuel industry (they are in partnership with Totaal oil and use AI to help Totaal find places to drill for oil). My objection to Google collecting data on me is less about cyberattack and more about not supporting a harmful force in the world.

        I’m also ethically opposed closed-source software because I think it misplaces power. The worst kind of misplacement of power is to give it to tech giants who abuse their power and use it against consumers.

        I’m also ethically opposed to software designs that make phones disposable and force the disposal of perfectly good hardware. I’ll buy a smartphone after that problem is fixed. #RightToRepair is still insufficient. There needs to be a rule that the moment a phone maker decides to stop supporting a device, they must do whatever necessary to ensure the platform (kernel + drivers + gui) are FOSS at that point of dropped support. I’ll wait for it. I can hold out as long as needed.

        W.r.t. paranoia, street wise people and those with some infosec background always seem “paranoid” to normal people. And to us, normal people are cavalier because they needlessly share information without applying the rule of least privilege. Privilege should only be granted on an as-needed basis and that includes access to information. It’s unreasonable for banks to snoop on people arbitrarily without a warrant. It’s not just that the banks abuse the info, but the overcollection exposes everyone to exfiltration by criminals. That’s not fiction - it has happened. (Captial One via Amazon contractor, Equifax, several other banks including a bank breach I recently detected but have not reported yet). I have already been the victim of multiple data breaches even with some diligence to not be completely reckless.

        Trusting banks with sensitive info is the least of the problems I describe & possibly not a show-stopper in itself. But taking everything together I remain baffled at the zombie masses endorsing & supporting all of it. A basic information security class should perhaps become part of the mandatory secondary school cirriculums at this point.

    • thelastknowngod@lemm.ee
      link
      fedilink
      arrow-up
      7
      ·
      1 year ago

      My man… You are not getting around the tracking. It’s never going to happen. Unless you literally toss everything with a network connection and disconnect from the electric, gas, and water grids, you are going to be tracked.

      • ciferecaNinjo@fedia.ioOP
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        You are not getting around the tracking. It’s never going to happen.

        I do. I only access banks electronically if they accommodate Tor. The bank only gets to know my physical location when I do a transaction where that’s unavoidable. Even if I were to carry a mobile phone on standby wherever I go, the bank would get nothing from it if I don’t run their app.

        • thelastknowngod@lemm.ee
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          I only access banks electronically if they accommodate Tor.

          So they know when you logged in and what you did when you got there. So you can’t escape it there.

          The bank only gets to know my physical location when I do a transaction where that’s unavoidable.

          So you can’t escape this either.

          Even if I were to carry a mobile phone on standby wherever I go, the bank would get nothing from it if I don’t run their app.

          They would get nothing except the time, location, amount, business, and how that relates to the other purchases you make and all the data those transactions generate as well. That data is shared with the bank, Visa or MasterCard, and all credit reporting agencies. This is unavoidable too.

          You are not getting out of this unless you allow it to seriously affect your life.

          • ciferecaNinjo@fedia.ioOP
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            1 year ago

            I figured you were trolling but gave you the benefit of the doubt right up until you mentioned “all credit reporting agencies”, in Belgium. There are no credit bureaus in Belgium, only a central bank which (unlike US credit bureaus) is public sector and not interested in grabbing data for profit, or in obtaining any data it’s not legally required to obtain.

            Nice try though.

            But FYI, your assumption would be wrong even in the US as well. Request your credit report from whichever credit bureau you believe is buying location data from your mobile phone provider. Notice the realtime location data is not on that report. Then go to your local small claims court and spend ~$100 to open a lawsuit against them for $1k (+~100 in court costs). Bring to court proof that they acquired your realtime CDMA/GSM location data, a copy of your credit report showing it’s not there, and a copy of the federal law requiring that consumer credit reports are complete when sent to the subject of the report (yourself). It might be the easiest $1k you’ve earned. You don’t have to prove actual damages either because the statute specifies $1k per violation. If you can catch all three credit bureaus doing what you claim, that’s an easy $3k. You can even hit all 3 in one case. Good luck!

            BTW, I don’t put much stock into what you’re saying at this point but I am curious about the claim that phone providers are sharing sensitive personal info with Visa and Mastercard. Cardholders are just a number to visa & mc. Visa & MC do not even typically know the names of card holders. Exceptionally, if you buy airfare using a credit card, then the airline reveals the name of the passenger to the credit card company. Though to store that name as the account holder is ad hoc because they would have to make the assumption that the passenger and the buyer are the same person.