Re: On-line Bank Auth. Was: Privacy

On 2011-08-02 09:34, Mo McRoberts wrote:
> 
> On 31 Jul 2011, at 20:16, David Chadwick wrote:
> 
>> not surprising, since the UK SME that produces it seems to believe more in security through obscurity rather than in using published, open, and rigorously validated security protocols and algorithms. When I spoke to one of their directors, he was not willing to reveal anything about how it works.
> 
> here's a bit more about it, from Craig Hockenberry of The Iconfactory fame:
> 
> http://furbo.org/2011/08/01/un-trusteer-ed/
> 
> All in all, it's pretty horrific.

It is probably no worse than 3D Secure (VISA VbV, MasterCard SecureCode) which
requires the poor user to manually enter all the credit-card data and then as
a "bonus" authenticate to the issuer.

The financial industry doesn't really cut it AFAICT.  Either they come up with
stuff that has serious platform issues, is expensive, is security-broken, or
is next-to-impossible to use.  Some banks even manage to combine all of these
features :-)

I think the real culprit is that they mainly listen to local "security vendors",
rather than realizing that secure on-line authentication for consumers is a
pretty generic issue that essentially only platform vendors can deal with in
a cost-efficient way.

I can't off the top of my head recall a single request in an SDO forum coming from a
bank representative.  I guess bank employees are not supposed to publicly air
requirements?

Anders

Received on Tuesday, 2 August 2011 08:15:56 UTC