User: Password:
|
|
Subscribe / Log in / New account

I blame the banks.

I blame the banks.

Posted Dec 20, 2008 11:01 UTC (Sat) by rwmj (subscriber, #5474)
In reply to: I blame the banks. by Los__D
Parent article: "Vishing" advisory targets Asterisk

I can confirm dwmw2's account - my UK bank called me up recently, with blocked caller ID, and then demanded security details. I told them where to go of course, but I later got a secure message through their authenticated web service which confirmed it was in fact them.

Ironically, perhaps, the call was about that other ludicrous UK bank invention - "Verified for Visa". (a.k.a "we verified that you will take the blame, not Visa"). The one where you get taken to an iframe on a 3rd party site which asks for your security details. My inquiry which prompted the call was to ask when they might actually implement something secure, such as credit card device that generates one-time keys.

Rich.


(Log in to post comments)

I blame the banks.

Posted Dec 20, 2008 11:17 UTC (Sat) by dwmw2 (subscriber, #2063) [Link]

"My inquiry which prompted the call was to ask when they might actually implement something secure, such as credit card device that generates one-time keys."
So, not a conversation for which they actually needed to authenticate you at all. Thus, they were demonstrating an even more fundamental lack of clue about security than we originally thought...

I blame the banks.

Posted Dec 20, 2008 11:23 UTC (Sat) by rwmj (subscriber, #5474) [Link]

I hadn't thought about that actually, but yeah, they're even more stupid than we thought :-)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds