ZDNet UK



Story: Two-factor authentication 'not the solution' to online fraud


Posted by: Arthur B. (Thursday 17 March 2005, 9:48 PM)


Indeed. A multi-level approach is needed.

Think about two-factor authentication (or even more) combined with sequential response challenges (e.g. the bank customer in question would have a piece of paper with a few hundred responses on it and the first transaction would ask for response number one, the second transaction for the second response and so forth; thus making it harder for a phishing attack to know what the next question number is; thus alerting the bank customer in case they guess the wrong number) combined with logging the source of transaction requests and cross-referencing that with historical data to pinpoint which sources initiated transactions for various accounts all of a sudden and without reasonable explanation. Etc, etc.

What also might be of interest is the good old call-back security measure. Meaning that the bank customer initiates a transaction and once identity has been confirmed the transmission is ended and the bank will initiate a call back to the previously agreed-upon location (e.g. the IP address of the customer, the e-mail address of the customer or even the phone number of the customer [press 1 to confirm transaction request 411 or something]).

Yes, that will cost the banks some money but on the other hand it'll save them money (and face) as well.

In short, there's enough that can be done with existing technology and solutions. No need to let all those customers run to the store and empty their wallets for some half-baked solution so a few years from now they can run to the stores again.

Hmmm, perhaps I should software patent this and charge each and every one of you so I can pay my lawyers to keep the lawyers of the banks and big software companies off my back.
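The sequential response sheet described in the comment above, sketched as an added example that is not part of the original post. It assumes the bank derives each printed response from a per-customer seed with HMAC-SHA256; the class name, the derivation and the alert labels are all illustrative choices.

```python
import hashlib
import hmac


class ResponseSheet:
    """Bank-side state for one customer's printed sheet of sequential responses."""

    def __init__(self, seed: bytes, size: int = 300):
        self.seed = seed          # assumption: per-customer secret held by the bank
        self.size = size          # "a few hundred responses"
        self.next_index = 1       # responses must be used strictly in order
        self.alerts = []          # (expected_index, matched_index, kind)

    def response(self, index: int) -> str:
        # Assumed derivation: an 8-digit code from HMAC(seed, index).
        mac = hmac.new(self.seed, index.to_bytes(4, "big"), hashlib.sha256).digest()
        return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"

    def challenge(self) -> int:
        """Number the bank asks for; the customer expects exactly this number."""
        if self.next_index > self.size:
            raise RuntimeError("sheet exhausted, issue a new one")
        return self.next_index

    def verify(self, submitted: str) -> str:
        expected = self.challenge()
        if hmac.compare_digest(submitted, self.response(expected)):
            self.next_index += 1  # consume the response; it can never be reused
            return "ok"
        # A wrong value that is valid for another position suggests that part
        # of the sheet was captured by someone who asked for the wrong number.
        for other in range(1, self.size + 1):
            if other != expected and hmac.compare_digest(submitted, self.response(other)):
                kind = "replayed" if other < expected else "out-of-order"
                self.alerts.append((expected, other, kind))
                return kind
        self.alerts.append((expected, None, "wrong"))
        return "wrong"


if __name__ == "__main__":
    sheet = ResponseSheet(b"constructed-demo-seed")   # constructed sample seed
    print(sheet.verify(sheet.response(2)))  # response for a later position
    print(sheet.verify(sheet.response(1)))  # correct response for position 1
    print(sheet.verify(sheet.response(1)))  # same response submitted again
    print(sheet.alerts)
```

The `alerts` list is what would feed the source logging and historical cross-referencing the comment mentions.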
