Citibank discloses private information to improve security

Ed Gerck edgerck at nma.com
Thu May 26 17:19:09 EDT 2005


Suppose you choose "A4RT" as your codeword. The codeword has no privacy concern
(it does not identify you) and is dynamic -- you can change it at will, if you
suspect someone else got it.

Compare with the other two identifiers that Citibank is using. Your full name
is private and static. The ATM's last-four is private and static too (unless
you want the burden to change your card often).

Lance James wrote:
> But from your point, the codeword would be in the clear as well. 
> Respectively speaking, I don't see how either solution would solve this.
> 
> 
> Ed Gerck wrote:
> 
>> List,
>>
>> In an effort to stop phishing emails, Citibank is including in a plaintext
>> email the full name of the account holder and the last four digits of the
>> ATM card.
>>

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com