Note: This column represents the opinions
of the writer and as such, is not purported as fact
Oh dear, it seems that some evil sod installed a trojan key-logger on a computer
in a web-cafe and captured what some reports indicate to be login details
giving access to half a million dollars worth of bank accounts.
Whoopee -- what's new?
I've never even been slightly tempted to use any PC other than my own for
the purposes of accessing my diminutive bank balance.
I mean -- would you hand your EFTPOS card to a total stranger and trust him
not to run away with it once you'd also told him the PIN number so that he
could help you withdraw some cash from an ATM?
I find it interesting that this story has come out just a few days after a US
report indicating that 14 percent of Net users there have shied away from
online banking, citing security worries.
As one canny listener suggested on RadioNZ this morning, the trojan/keylogger
problem is pretty much a Windows-only issue so I'm wondering why cybercafes
don't switch to Linux/Firefox and save their customers some grief.
Let's face it -- the IE-specific features (such as ActiveX) ought to be turned
off on a public-access PC anyway or there's no way to guarantee the security
of the computers being used.
So how are the banks going to get around this problem of phishing and malware
so as to win back the confidence of customers?
The two-factor system has been widely touted by many and discussed in this
column recently. It's still susceptible to man-in-the-middle attacks but
is still a snot-load more effective than just an ID/password.
Given that we still have a relatively low uptake of broadband in NZ, what about
implementing a dial-back facility for those who access the Net using a regular
modem through the PSTN? Nah... too hard -- few banks have any dial-out capabilities
anyway.
What about delivering the second factor via SMS? Well that *is* better but
(believe it or not), not everyone has a cellphone and on occasion I've had
SMS messages delayed by several hours due to hiccups on the mobile network.
While I was in Auckland filming "Let's Get Inventin" before Christmas, I met
an interesting fellow who's currently working on a service that highlights
just how cheap some cellular technology is. His service throws in a free
camera-phone as part of the deal and can afford to do so because they're just
so damned cheap to produce.
Maybe the banks could offer their online banking customers a simple little
receiver (like a pager perhaps) that could be attached to their keyring. I'm
sure these things could be made for just a few dollars each and would provide
the perfect vehicle for delivering the second factor.
What's more, if it had a simple one-line display, it could even be used to
deliver notification of any activity on your account (EFTPOS card use,
cheques cashed, etc) -- thus adding a further level of security to your
daily banking activities.
Can someone please pick holes in this for me?
By the way all you banks who might be listening -- my publication of this idea
is considered prior art :-)