
Re: On-line Bank Auth. Was: Privacy

From: Mo McRoberts <Mo.McRoberts@bbc.co.uk>
Date: Sun, 31 Jul 2011 19:09:05 +0100
Cc: "public-identity@w3.org" <public-identity@w3.org>
Message-Id: <8500D56B-7DC7-4005-AF98-FD7E771CED27@bbc.co.uk>
To: Anders Rundgren <anders.rundgren@telia.com>

On 30 Jul 2011, at 07:47, Anders Rundgren wrote:

> Mo,
> 
> What you are saying about banks in the UK is applicable to Scandinavia
> as well with a few exceptions.
> 
> I have always wondered why a regulated, (usually) very rich, and
> global industry sector never spent a single cent on creating a
> generally useful 2FA solution.  From what I can see they hardly
> cooperate even on a national basis.

All of the available evidence suggests that the reason for this is because they don’t actually care about security, but instead about shifting liability (cf. everything anybody smart has ever written about 3-D Secure, for example).

As it goes, piggybacking the fact that everybody has smart cards as bank cards to implement a 2FA solution which is entirely standalone works pretty well and has some distinct advantages, and I've a feeling that although they may not be completely interchangeable, there's not a huge amount of difference between a reader from bank X and a reader from bank Y.

One “solution” which seems to be gaining traction in the banking sector is Trusteer Rapport, which I'm having real trouble distinguishing from malware.

M.

-- 
Mo McRoberts - Data Analyst - Digital Public Space,
Zone 1.08, BBC Scotland, 40 Pacific Quay, Glasgow G51 1DA,
Room 7066, BBC Television Centre, London W12 7RJ,
0141 422 6036 (Internal: 01-26036) - PGP key 0x663E2B4A
Received on Sunday, 31 July 2011 18:09:41 GMT
