rich(ard)... not knowing what keybank is doing.. i really can't comment much on their approach...
however, if they are creating a unique identifier for the targeted computer, it's not some string/cookie residing in a file on the harddrive... in fact, the unique ID would be based on the physical hardware components of the pc... which essentially locks the ID with the given hardware. it's been shown (not 100%) that this kind of approach is really reasonable, even though you might remove/update various hardware components of the machine... but none of this is tightly coupled to php... peace.. -----Original Message----- From: Richard Lynch [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 03, 2006 11:07 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; 'Rahul S. Johari'; 'PHP' Subject: RE: [PHP] Client Computer Registration On Mon, October 2, 2006 4:19 pm, bruce wrote: > actually richar, and others... > > depending on what they're doing, it's quite alot to it. I sincerely doubt that it is, and apologize in advance to Keybank if it is, but I suspect they just plain don't know what they are doing... I certainly wouldn't use their site without a LOT more research! > if the bank is being agressive, they might be requiring a client app > to be > downloaded and is then able to communicate with the client app, > thereby > getting a great deal more information. a few companies have begun the > process of not just dealing with authorizing the user, but the > computer/device as well. and it really makes sense. in this way, i as > a > business can state with a high degree of confidence that the computer > in the > house (assuming i as a business were to take it that far) was used for > the > transaction in question... Until the Bad Guys write a virus/Trojan that finds that file, and copies it up to their server, so they can then put it on their computer, and thus take over your identity, without even cracking SSL. [shudder] > furthermore, if the dispute isn't satisfied, i can then add the > computer to > a "blacklist" of devices.. if enough companies use this kind of > system, and > the database is large enough, it becomes an additional tool to use to > minimize online transaction abuse... Yeah, that RBL is really effective and has very few false positives to it... [that was sarcasm, just in case you didn't catch it...] There are simply going to be too many records, too many false positives, and *way* too many issues with this. It can not be made to work. That doesn't mean there aren't "experts" out there that disagree with me and aren't going to go ahead and do it. It just means *I* will not be using a bank that does things this way. > as to if people want to be part of this kind of system.. that's a huge > unknown... to be frank, it does open up a number of potential > 'privacy' > issues.. but as scott mcnealy said before.."you have no privacy, get > over > it!!" I am under no illusion about my lack of privacy. That doesn't mean I want to use a bank that is, based on the limited info we've discussed here, LEAKING MY BANK ACCOUNT TO THE PLANET... -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
