[LINK] Consumer computer security

Marghanita da Cruz marghanita at ramin.com.au
Tue Jan 23 16:08:37 AEDT 2007

Craig Sanders wrote:
> On Tue, Jan 23, 2007 at 02:08:07PM +1100, Marghanita da Cruz wrote:
>>From a consumer perspective, wouldn't it would be better to leave Banks 
>>to decide what they use to authenticate users and the information they 
>>log about transactions. This would put the onus on them to prove the 
>>source of a fraud and demonstrate due care of their customers funds.
> from a consumer perspective, it would be better if banks had several
> options that the user could choose to enable. i'd personally choose
> limited IP range, client-certificate, AND token/code from a keychain
> gizmo, all in addition to login & password.
> if i was going travelling, i would temporarily disable the IP limit and
> take a laptop with me that had my client cert on it (i'd take a laptop
> travelling anyway and set up a uucp-over-tcp feed or something for my
> mail).
> oh yeah: the banks should require, at minimum, login & password PLUS
> a keychain token. client cert and IP address limit would be optional
> restrictions.

This was kind of my point, it is really up to the banks to do the risk
assessment. I don't think it should be left to consumers to choose.

The IP address/or a phone number would be useful in tracing the source
of the fraud rather than authentication.

I have had a laptop stolen...which makes me a bit wary of storing
anything on one. I would also be reticent to use a public computer or
even one in a workplace - but then as I said, I don't use Internet or
Telephone banking.

Marghanita da Cruz
Telephone: 0414-869202
Ramin Communications Pty Ltd
ABN: 027-089-713-084

More information about the Link mailing list