[LINK] Consumer computer security

Saliya Wimalaratne saliya at hinet.net.au
Thu Jan 25 07:16:09 AEDT 2007


On Wed, Jan 24, 2007 at 04:02:18PM +0000, stephen at melbpc.org.au wrote:
> At 05:12 PM 24/01/2007, Glen writes:
> 
> Well said. Another bank security service imho should be to offer their
> customers SMS 'back-channel' notification of larger transactions, and
> even a third stage, requiring an SMS approval-reply before completion.

The only problem is; SMS has no guaranteed delivery time. That is,
you inject a message into the system - and when it comes out is 
anybody's guess.

But a prearranged OOB verification method _would_ present a pretty
insurmountable problem for a hijacked PC crook. That could be SMS, 
or voice call to home-or-mobile, or morse-code for those that wanted.

The method would have to be something you could _only_ change at the 
bank, in person... so you'd still have to visit if only occasionally :)

Regards,

Saliya




More information about the Link mailing list