Ivan Krsti? wrote:
On Jul 1, 2008, at 12:46 PM, Perry E. Metzger wrote:
My experience with European banks is quite limited -- my consulting
practice is pretty much US centric. My general understanding, however,
is that they are doing better, not worse, with login security.
As a data point, the largest bank in Croatia used to mail customers
pre-printed TAN lists. Some number of years ago, they switched to
(non-SecurID) tokens which require a 4-digit PIN to turn on, and then
provide two functions: a login OTP and a challenge/response system for
authorizing individual transactions. Your username is simply the token's
serial number, though it's not clear if these are in fact serial.
Barclay's Bank in the UK uses little chip&pin machines you put your
debit card into and provide the same functions as Ivan describes above.
I have a spare one I've been meaning to dissect to see what's inside
them. I wonder where I put it?
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
