North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Phishing (Was Re: WashingtonPost computer security stories)
> I wonder if the banks have ever considered how they have > contributed to the problem. If their pages were straight > up, no pop-up's, no JavaVirus, etc.... it would be far easier > to tell their customers: > > ============================================================== > Here is what our page looks like: > But of course, that would not be glitzy enough.... My bank does pretty much what you suggest. Have a look here https://ibank.barclays.co.uk/fp/1_2c/online/1,26806,logon,00.html and if that link has timed out or something, just go here https://ibank.barclays.co.uk/ and click the Log-in button. Barclays also uses a "memorable word" in addition to the PIN code. They repeatedly tell us that no-one from Barclays will ever ask us to reveal this memorable word. It's only use is for a simple challenge-response where the website asks for two specific letters from the word and we select them from drop-down boxes to defeat keyloggers. Nice example of layered security that keeps the criminals snapping at the heels of the guy next door, i.e. CitiBank et al. --Michael Dillon
|