Citibank discloses private information to improve security

Heyman, Michael Michael.Heyman at sparta.com
Tue May 31 07:26:59 EDT 2005 

> From: owner-cryptography at metzdowd.com 
> [mailto:owner-cryptography at metzdowd.com] On Behalf Of James A. Donald
> Sent: Saturday, May 28, 2005 1:48 PM
> 
> With bank web sites, experience has shown that only 0.3% of 
> users are deterred by an invalid certificate, probably 
> because very few users have any idea what a certificate 
> authority is, what it does, or why they should care.
>
I assume you refer to the BankDirect case with the accidentally invalid
certificate.

In this situation, I believe that the users, through hard won experience
with computers, _correctly_ assumed this was a false positive. If an
attack had actually occurred, the users would have been wrong. Luckily
for them, they were correct and did not let the mistake interfere with
their commerce. The one in 300 users that did let the mistake interfere
wasted their time and, perhaps, money if they lost money due to the
delay in access.

As it stands, the system works reasonably well (of course it still has
its share of problems). If 300 out of 300 users wasted time and money
because of the mistake (say if the system were designed so users could
not bypass the possibly bad certificate warning), the security folks in
ivory towers may pat themselves on the back saying, "look, the system
works great!" - the actual users of the technology would be more then a
little ticked. A brittle system that cannot accept failures will always
have trouble dealing with us fallible types.

I'm not familiar with the BankDirect site, but if it like banking sites
I am used to, it is fairly impersonal and easy to spoof. One way to
reduce the ease-of-spoof factor is to add many ways to identify the bank
web site. If one or two of them fail, the web site is probably still
valid. Ways to identify a site include certificates, personalized
greetings ("Hello Michael, Welcome back, you haven't been here in 4 days
and we've missed you"), code words, the PetName tool, green light by
anti-phishing software, even the URL and overall look-and-feel. So what
if a couple of them fail? That happens all the time and we have to
expect that and design our systems to work in spite of it.

-Michael Heyman


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list