[LINK] Bank to offer SMS security option

[Karl Auer]

> > The Age paper today, ('Money' Section p9) notes that the Commonwealth
> > Bank will soon offer, "the option of an SMS security-code service .... the
> > bank will prompt the customer to request a code number which is then
> > delivered via an SMS message .."

The SMS solution is close to useless. It is an unreliable, unlogged
channel. The fact of this delay means that the key has to be valid for a
very long time (many, many minutes). It puts a random delay between me
and my banking. It requires me to own a mobile phone. Worse, it requires
me to bank where I have SMS access. Where I live and work, there is no
mobile coverage; not GSM, not CDMA, not 3G. The fallback offered by (eg)
the NAB? No SMS. I.e., fallback to a lower level of security. Or I can
lock my account when I log out, but then I have to reactivate it by
phone before I can bank again. Gee, thanks.

A solution that works, is cheap, is extremely effective, and that has
been in use by serious banks (as against the toy banks we have in this
country) is One Time Pads or the electronic (and better) version of
same, SecureID. Those Oz banks that offer it have the unmitigated
effrontery to CHARGE for it!

Toy bank story. I needed to transfer a house deposit out of Switzerland
when we were moving back here. I'd had problems with ridiculously low
daily transfer limits in Oz. So I rang my Swiss bank to ask if they had
daily limits too. "Yes sir, I'm afraid we do". Oh dear. My heart sank.
"Er, what's the limit then?" "Four million franks, sir."

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)