Iman

I appreciate the need for a reality check, and I can provide some context from my experience working with Canadian banks that the requirement for dual authorization is a necessary...

> > I agree with the language introduced by [#1437 (comment)](https://github.com/OWASP/ASVS/issues/1437#issuecomment-1910451384), as it clearly specifies that this only applies where the functionality is supported. > > Ok so that language...

> * Who decides what is sensitive enough to require extra controls? My concern was around fintech related apps, specially banks, to avoid frauds.

Hi @ThunderSon, is there any update?