I think the way it works is this. You have the people who actually understand A) security and B) how computers work and C) how email works and D) how the internet works and E) the things that people get up to and F) the stupid things that users do. That's a small number of people. Me, of course, and obviously you.
Then you have the people who write the rules that banks make for themselves. They understand a few of the above, and, of course, they're pants at communication. Then you have the bank staff who try to comply with the rules so incomprehensibly written, and without any understanding of the basis for those rules, which themselves were written by goldfish. But what they do understand, is that if they stick to the rules, they can't be fired if something goes wrong, and if they don't stick to the rules, they can be fired. And then you have the users; that's you and me again, plus your granny, plus Joe Lunchmeat, plus Evir Ghord Hruwhem. All we want is a convenient service without any stupid security restrictions. Except we don't want anyone stealing our money. And we don't know the rules the banks work by, because they're secret, except when we bump up against one of them, and even then we don't find out what the rule is, we only find out what the bank clerk thinks the rule is. On Wed, 22 Jul 2009, Rich Kulawiec wrote: > On Wed, Jul 22, 2009 at 09:43:55AM +0100, Drsolly wrote: > > And this is a bank. > > > > And we wonder why there's fraud ... > > About a year ago, I went several rounds with a local financial institution > while trying to deposit money into an account. They wanted a thumbprint > in order to verify that fraud wasn't being attempted, and were utterly > impervious to the point that it was a DEPOSIT, not usually a profitable > means of fraud. > > ---Rsk > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. > _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
