please, can people tell us about what their country's liability framework is, as they understand it, and where the onus of proof is for what sorts of transactions?
this is one of the few areas where consumers have some actual protection in the us. due to ross anderson, i have heard about the uk. has this been harmonized in the eu? many other countries are a mystery to me. it would seem to me even in countries with pro-bank/anti-consumer stances the risk could be limited by putting few eggs in that basket, rather than giving up on using baskets entirely. as an offering from left field, here's an pretty good paper about fraud and identity in .au and .nz http://www.aic.gov.au/conferences/other/smith_russell/2003-09-identity.html On Mon, Dec 05, 2005 at 07:09:33PM +0100, Jonathan Thornburg wrote: > I would never use online banking, and I advise all my friends and > colleagues (particularly those who _aren't_ computer-security-geeks) > to avoid it. > > > >On Sun, Dec 04, 2005 at 05:51:11PM -0500, [EMAIL PROTECTED] wrote: > >I've been using online banking for many years, both US and Germany. > >The German PIN/TAN system is reasonably secure, > >being an effective one-time pad distributed through out of band channel > > Ahh, but how do you know that the transaction actually sent to the > bank is the same as the one you thought you authorized with that OTP? > If your computer (or web browser) has been cracked, you can't trust > _anything_ it displays. There are already viruses "in the wild" > attacking German online banking this way: > http://www.bsi.bund.de/av/vb/pwsteal_e.htm > > > I also don't trust RSAsafe or other such "2-factor authentication" > gadgets, for the same reason. > > [I don't particularly trust buying things online with a credit card, > either, but there my liability is limited to 50 Euros or so, and the > credit card companies actually put a modicum of effort into watching > for suspicious transactions, so I'm willing to buy (a few) things online.] > > ciao, > > -- > -- Jonathan Thornburg <[EMAIL PROTECTED]> > Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut), > Golm, Germany, "Old Europe" http://www.aei.mpg.de/~jthorn/home.html > "Washing one's hands of the conflict between the powerful and the > powerless means to side with the powerful, not to be neutral." > -- quote by Freire / poster by Oxfam > > > --------------------------------------------------------------------- > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]