And because it has not required some open standard as a replacement, I now have hundreds of MB of different bloatware bank apps on my phone, each of which I have to use in a slightly different way when logging into my bank accounts, usually with scanning barcodes or remembering yet another PIN. Migrating to a new phone is a nightmare.

For extra convenience, PSD2 also mandated a logout after 5 minutes of inactivity.

Some of the ideas behind PSD2 are great, but the outcome is about as good as the cookie directive.

Absolutely agreed. I expect consolidation to happen in the next couple of years on this. Banks who do it well, will win customers.

I've only seen it get worse, and I don't expect that to change.

One of my apps where I spend money on a regular basis (always similar small amounts, always from the same phone, usually from the same IP) constantly triggers 2FA via my banking app. Even as an informed customer, I have no idea whether to blame that app, their payment gateway, Visa/Mastercard, or my bank (that issued the credit card) for that bullshit.

The previous situation (banks absorb the fraud) seemed much better for me as the customer, and banks stuck with it. PSD2 made it so that customers can't pick their bank based on which is more convenient, by making them all at least roughly equally inconvenient. Few people will bother to change banks over this, and even fewer banks will feel enough pressure to actually improve.

Yep, and the banks are literally reaching the deadline as we speak. All my EU banks are notifying me that within a week or so the SMS codes will stop working, and their mobile app will be required for 2FA.