Ben Laurie
Tue, 08 Jul 2008 07:45:17 -0700
Ivan Krsti? wrote:
On Jul 1, 2008, at 12:46 PM, Perry E. Metzger wrote:My experience with European banks is quite limited -- my consulting practice is pretty much US centric. My general understanding, however, is that they are doing better, not worse, with login security.As a data point, the largest bank in Croatia used to mail customers pre-printed TAN lists. Some number of years ago, they switched to (non-SecurID) tokens which require a 4-digit PIN to turn on, and then provide two functions: a login OTP and a challenge/response system for authorizing individual transactions. Your username is simply the token's serial number, though it's not clear if these are in fact serial.
Barclay's Bank in the UK uses little chip&pin machines you put your debit card into and provide the same functions as Ivan describes above. I have a spare one I've been meaning to dissect to see what's inside them. I wonder where I put it? Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.links.org/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]