[LINK] Consumer computer security
stephen at melbpc.org.au
Thu Jan 25 03:02:18 AEDT 2007
At 05:12 PM 24/01/2007, Glen writes:
>> I'm looking for some help here. I'm writing a submission
>> to ASIC on the review of the EFT Code of Conduct ...
>
> The banks face the total liability now, and yet aren't uniformly
> doing simple things like:
>
> - script-defeating login procedures
> - multi-factor authentication of transactions
> - making it more difficult to intercept secret data (such as PINs)
> - allowing "read only" accounts for people merely interested in
>   their account balances whilst budgeting
> - issuing user certificates rather than using low quality
>   certificate authorities
> - blacklisting browser versions with known bugs
> - questioning transactions which appear from differing
>   ISPs in a short period
>
> I really think ASIC needs to create a minimum list .. there is social
> good beyond the liability () in restricting internet banking fraud. (MS)
> can't even offer a secure channel for getting a PIN to a bank.

Well said. Another bank security service imho should be to offer their
customers SMS 'back-channel' notification of larger transactions, and
even a third stage, requiring an SMS approval-reply before completion.
That could apply to most forms of bank transactions: cheque, transfer
and even some forms of VISA transactions, where the hole-in-the-wall
allows a time-window to account for the apparently normal SMS delay.

Cheers all ..
Stephen Loosley
Victoria,
Australia
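
The SMS back-channel described in the reply above, sketched as an added example (not part of the original post and not any bank's system). The two thresholds, the window length, the retry limit and the `send_sms` gateway callback are assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# Assumed policy values; the post gives no figures.
NOTIFY_AT = 500        # "larger transactions": SMS notification only
APPROVE_AT = 2000      # third stage: held until an SMS approval-reply
WINDOW_S = 600         # time window that absorbs normal SMS delay
MAX_TRIES = 3          # wrong replies tolerated before rejecting

@dataclass
class Held:
    code: str
    expires: float
    tries: int = 0

class BackChannel:
    def __init__(self, send_sms, now=time.time):
        self.send_sms = send_sms   # hypothetical gateway: send_sms(phone, text)
        self.now = now
        self.pending = {}          # txn_id -> Held

    def submit(self, txn_id, phone, amount):
        if amount < NOTIFY_AT:
            return "completed"
        if amount < APPROVE_AT:
            self.send_sms(phone, f"Notice: transaction {txn_id} for ${amount}")
            return "completed"
        code = f"{secrets.randbelow(10**6):06d}"   # one-time, per transaction
        self.pending[txn_id] = Held(code, self.now() + WINDOW_S)
        self.send_sms(phone, f"Reply {code} to approve {txn_id} for ${amount}")
        return "held"

    def reply(self, txn_id, code):
        held = self.pending.get(txn_id)
        if held is None:
            return "unknown"
        if self.now() > held.expires:          # late reply: fail closed
            del self.pending[txn_id]
            return "expired"
        held.tries += 1
        if hmac.compare_digest(code.encode(), held.code.encode()):
            del self.pending[txn_id]
            return "completed"
        if held.tries >= MAX_TRIES:            # stop code guessing
            del self.pending[txn_id]
            return "rejected"
        return "retry"
```

A held transaction completes only on a matching reply inside the window; a late reply, or too many wrong ones, drops it without completing.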