[LINK] Consumer computer security
Saliya Wimalaratne
saliya at hinet.net.au
Thu Jan 25 07:16:09 AEDT 2007
On Wed, Jan 24, 2007 at 04:02:18PM +0000, stephen at melbpc.org.au wrote:
> At 05:12 PM 24/01/2007, Glen writes:
>
> Well said. Another bank security service imho should be to offer their
> customers SMS 'back-channel' notification of larger transactions, and
> even a third stage, requiring an SMS approval-reply before completion.
The only problem is; SMS has no guaranteed delivery time. That is,
you inject a message into the system - and when it comes out is
anybody's guess.
But a prearranged OOB verification method _would_ present a pretty
insurmountable problem for a hijacked PC crook. That could be SMS,
or voice call to home-or-mobile, or morse-code for those that wanted.
The method would have to be something you could _only_ change at the
bank, in person... so you'd still have to visit if only occasionally :)
Regards,
Saliya
More information about the Link
mailing list