[Clips] Banks Seek Better Online-Security Tools

mis at seiden.com mis at seiden.com
Mon Dec 5 13:43:05 EST 2005


please, can people tell us about what their country's liability
framework is, as they understand it, and where the onus of proof is
for what sorts of transactions?

this is one of the few areas where consumers have some actual
protection in the us.

due to ross anderson, i have heard about the uk. has this been harmonized
in the eu?

many other countries are a mystery to me.

it would seem to me even in countries with pro-bank/anti-consumer stances
the risk could be limited by putting few eggs in that basket, rather than
giving up on using baskets entirely.

as an offering from left field, here's a pretty good paper about
fraud and identity in .au and .nz
http://www.aic.gov.au/conferences/other/smith_russell/2003-09-identity.html


On Mon, Dec 05, 2005 at 07:09:33PM +0100, Jonathan Thornburg wrote:
> I would never use online banking, and I advise all my friends and
> colleagues (particularly those who _aren't_ computer-security-geeks)
> to avoid it.
> 
> 
> >On Sun, Dec 04, 2005 at 05:51:11PM -0500, leichter_jerrold at emc.com wrote:
> >I've been using online banking for many years, both US and Germany.
> >The German PIN/TAN system is reasonably secure,
> >being an effective one-time pad distributed through out of band channel
> 
> Ahh, but how do you know that the transaction actually sent to the
> bank is the same as the one you thought you authorized with that OTP?
> If your computer (or web browser) has been cracked, you can't trust
> _anything_ it displays.  There are already viruses "in the wild"
> attacking German online banking this way:
>   http://www.bsi.bund.de/av/vb/pwsteal_e.htm
> 
> 
> I also don't trust RSAsafe or other such "2-factor authentication"
> gadgets, for the same reason.
> 
> [I don't particularly trust buying things online with a credit card,
> either, but there my liability is limited to 50 Euros or so, and the
> credit card companies actually put a modicum of effort into watching
> for suspicious transactions, so I'm willing to buy (a few) things online.]
> 
> ciao,
> 
> -- 
> -- Jonathan Thornburg <jthorn at aei.mpg.de>
>    Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut),
>    Golm, Germany, "Old Europe"     http://www.aei.mpg.de/~jthorn/home.html
>    "Washing one's hands of the conflict between the powerful and the
>     powerless means to side with the powerful, not to be neutral."
>                                       -- quote by Freire / poster by Oxfam
> 
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
