[LINK] Consumer computer security

stephen at melbpc.org.au stephen at melbpc.org.au
Thu Jan 25 03:02:18 AEDT 2007


At 05:12 PM 24/01/2007, Glen writes:

>> I'm looking for some help here. I'm writing a submission
>> to ASIC on the review of the EFT Code of Conduct ...
>
> The banks face the total liability now, and yet aren't uniformly
> doing simple things like:
>
> - script-defeating login procedures
> - multi-factor authentication of transactions
> - making it more difficult to intercept secret data (such as PINs)
> - allowing "read only" accounts for people merely interested in
>   their account balances whilst budgeting
> - issuing user certificates rather than using low quality
>   certificate authorities
> - black listing browser versions with known bugs
> - questioning transactions which appear from differing
>   ISPs in a short period
>
> I really think ASIC needs to create a minimum list .. there is social
> good beyond the liability () in restricting internet banking fraud. (MS)
> can't even offer a secure channel for getting a PIN to a bank.

Well said. Another bank security service imho should be to offer their
customers SMS 'back-channel' notification of larger transactions, and
even a third stage, requiring an SMS approval-reply before completion.

That could apply to most forms of bank transactions: cheque, transfer
and even some forms of VISA transactions, where the hole-in-the-wall
allows a time-window to account for the apparently normal SMS delay. 

Cheers all ..
Stephen Loosley
Victoria,
Australia
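
The SMS approval-reply stage described in the message above, sketched as an added example that is not part of the original post. The threshold, reply window, attempt limit and all class and method names are assumptions; SMS delivery is left out, so `submit` simply returns the code that would be sent to the customer's phone.

```python
import hmac
import secrets

APPROVAL_THRESHOLD = 1000.00   # assumed: amounts at or above this need SMS approval
APPROVAL_WINDOW_S = 300        # assumed: seconds the customer has to reply
MAX_ATTEMPTS = 3               # assumed: wrong replies tolerated before cancelling


class ApprovalGate:
    """Holds larger transactions until the customer replies over the SMS back-channel."""

    def __init__(self):
        self.pending = {}  # txn_id -> {"code", "expires", "attempts"}

    def submit(self, txn_id, amount, now):
        """Return ("completed", None) or ("held", code_to_send_by_sms)."""
        if amount < APPROVAL_THRESHOLD:
            return "completed", None
        code = f"{secrets.randbelow(10**6):06d}"  # unpredictable 6-digit code
        self.pending[txn_id] = {"code": code,
                                "expires": now + APPROVAL_WINDOW_S,
                                "attempts": 0}
        return "held", code

    def sms_reply(self, txn_id, reply, now):
        """Process the customer's SMS reply; a held transaction completes at most once."""
        entry = self.pending.get(txn_id)
        if entry is None:
            return "unknown"
        if now > entry["expires"]:
            del self.pending[txn_id]      # window closed: fail safe, do not complete
            return "expired"
        # Constant-time comparison on bytes, so odd characters cannot raise.
        if hmac.compare_digest(reply.strip().encode(), entry["code"].encode()):
            del self.pending[txn_id]      # single use: a replayed reply finds nothing
            return "completed"
        entry["attempts"] += 1
        if entry["attempts"] >= MAX_ATTEMPTS:
            del self.pending[txn_id]      # stop code guessing
            return "cancelled"
        return "rejected"
```
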
