Ed Gerck wrote:
Suppose you choose "A4RT" as your codeword. The codeword has no privacy concern (it does not identify you) and is dynamic -- you can change it at will, if you
suspect someone else got it.

Compare with the other two identifiers that Citibank is using. Your full name is private and static. The ATM's last-four is private and static too (unless
you want the burden to change your card often).


I agree on the privacy issue, your point is well taken there.

Lance James wrote:

But from your point, the codeword would be in the clear as well. Respectively speaking, I don't see how either solution would solve this.


Ed Gerck wrote:

List,

In an effort to stop phishing emails, Citibank is including in a plaintext email the full name of the account holder and the last four digits of the
ATM card.





--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.com
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Have Phishers stolen your customers' logins? Find out with DIA
https://slam.securescience.com/signup.cgi - it's free!  


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to