Raiffeisen PhotoTAN Registration

A major bank in Switzerland has an MFA that uses PhotoTAN. It took me dozens of attempts over three days to finally be able to register the app.

This isn’t the first time that this has happened. I’d reset my phone in July and I’d had to go through this for a couple of days then. When my partner reset their phone in August, it took days to register. In September, I’ve moved into a new phone and had to set up the app again.

• It often failed to even send an SMS
• 17 times it managed to send an SMS, but failed to register based on it
• The 18th time was the charm

This is for a banking app, to enhance security. I feel very secure knowing how buggy their server software is for registering devices.

Here are some screenshots of the SMSs that landed on my phone over three days. You can see that I even got a few false activation messages. They were false because the app very clearly indicated that the registration procedure had crashed the same as it had on the previous dozen attempts.

I’ve finally managed to register, but now my partner is setting up a new phone and is back on this server-error-500 treadmill. This is shockingly bad behavior for any software, but all the more so for a bank’s security mechanism.