Strange
I read this article and got the impression that their advocating an app, over a potentially out of band communication.
The only way that I could think that this would be safe is if the app is on a standalone device.
for example it uses wifi comms to transmit the data to the authenticating device, including amount, who the transaction is to etc, which is then displayed on the authenticator for approval, before being wrapped up and signed by the authenticator.
i.e. another device with all the foibles of a mobile phone, but is only allowed to run the one app.
I can't see that being popular.
Biting the hand that feeds IT
