At 11:06 +1100 19/12/13, Jim Birch wrote: >From the behaviour of banks we might infer: >(1) Multifactor identification is too hard for a proportion of their >customers >(2) The actual level of successful hacking is passably low
I think that factor needs re-phrasing, e.g.: (2) The level of successful hacking that costs banks serious money or material reputational harm is sufficiently low. Costs can arise from: - refunds that can't be charged on to someone else - seldom? - handling complaints Reputational harm can arise from: - customers churning away from that particular bank faster than they churn inbound - a media stink that is sustained over 2-4 years, and becomes serious enough for regulators to start asking awkward questions >(3) So, it is simpler to run suspicious activity monitors and guarantee >accounts _______________________________________________________________________ >On 19 December 2013 10:23, David Lochrin <dloch...@d2.net.au> wrote: > >> On 2013-12-18 15:23 Dr Bob wrote: >> >> > As I said in my original email, ING and CitiBank required the use of a >> token and each have provided a RSA fob. >> >> Sorry for the spam then - I should have read your email more closely >> before responding! >> >> > As an aside, ING and Citibank have provided me with an RSA fob to verify >> who I am in certain transactions. I wonder as well if having a fob to >> generate a one time password is more secure (not ignoring the fact that RSA >> got hacked a some time ago). >> >> Westpac will also provide an RSA SecurID fob for authorisation of >> withdrawals over a certain user-defined amount, though I think I had to >> request one. The RSA attack was over two years ago I believe and involved >> theft of the database which maps each fob serial-number to its seed, so any >> SecurID device manufactured since shortly afterwards should be reasonably >> safe. >> >> >> > Thanks for your email though. Also thanks for everyone else who have >> made suggestions. I am looking at Tails and that seems an interesting >> option but nothing is really secure I guess. I just have to keep a wary eye >> on the accounts. >> >> I have never had any hack into my Internet banking in the 16-odd years >> I've had accounts (touch wood...) however I moved away from Windows many >> years ago and I wouldn't have an account without something-you-have access >> control. If you feel able to speak about it I'd be interested to know if, >> and how willingly, the bank involved made up the amount of the theft? I >> haven't seen any recent statistics on such crimes, but I'm amazed that the >> level of theft hasn't made Internet banking very much more expensive. >> >> David L. >> _______________________________________________ >> Link mailing list >> Link@mailman.anu.edu.au >> http://mailman.anu.edu.au/mailman/listinfo/link >> >_______________________________________________ >Link mailing list >Link@mailman.anu.edu.au >http://mailman.anu.edu.au/mailman/listinfo/link -- Roger Clarke http://www.rogerclarke.com/ Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 6916 http://about.me/roger.clarke mailto:roger.cla...@xamax.com.au http://www.xamax.com.au/ Visiting Professor in the Faculty of Law University of N.S.W. Visiting Professor in Computer Science Australian National University _______________________________________________ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link