Citibank discloses private information to improve security
Lance James
lancej at securescience.net
Tue May 31 14:20:50 EDT 2005
Ed Gerck wrote:
> Suppose you choose "A4RT" as your codeword. The codeword has no privacy
> concern (it does not identify you) and is dynamic -- you can change it at
> will, if you suspect someone else got it.
>
> Compare with the other two identifiers that Citibank is using. Your full
> name is private and static. The ATM's last-four is private and static too
> (unless you want the burden to change your card often).
>
I agree on the privacy issue; your point is well taken there.
> Lance James wrote:
>
>> But from your point, the codeword would be in the clear as well.
>> Respectively speaking, I don't see how either solution would solve this.
>>
>>
>> Ed Gerck wrote:
>>
>>> List,
>>>
>>> In an effort to stop phishing emails, Citibank is including in a
>>> plaintext email the full name of the account holder and the last four
>>> digits of the ATM card.
>>>
>
>
--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.com
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Have Phishers stolen your customers' logins? Find out with DIA
https://slam.securescience.com/signup.cgi - it's free!
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com