Online Banking
Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: Online Banking

  1. #1
    Senior Member
    Join Date
    Oct 2003
    Posts
    394

    Online Banking

    Source: http://www.antisource.com/article.ph...e-banking-2006

    Phishing has become so prevalent that banks must take additional precautions to avoid losses. Unsuspecting Internet users are being fooled into providing their login information by spam emails sent by scammers which appear to be from the financial institution itself.

    There are three basic ways of identifying a legitimate user; something they know, something they have, and something they are. Two-factor authentication means that two different types must be used to allow logins.


    May we feel us safe?

    There are a number of different methods that will satisfy the new requirement:
    - Card readers which generate a password when a card is swiped
    - Tokens, which can plug into a USB port
    - Password generators that create one-time use passwords
    - Fingerprint or retinal scanner
    - Scratch-off cards that have a series of one-time use passwords
    // too far away outside of limit

  2. #2
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    I use online banking with Rabobank a lot..
    They have two-factor authentication.

    You have a 'random reader' which needs your card and pin code to generate a one-time use password to log in.

    To finalize any transaction you get a 10 digit integer from the site which you have to provide to the 'random reader' allong with your card and pin code. This generates another one-time use password.

    I do feel as safe as I should be..
    There's IMHO a bigger chance of me being mugged while getting cach from an ATM.
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  3. #3
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    When you do online banking with BankofAmerica they want you to use your social security number as the login name, then they issue you a password Also, the "secure connection" is

    SSL 3.0, RC4 with 128 bit encryption (HIGH); RSA with 1024 bit exchange.
    I'm not sure how many other banks do similar activity?

  4. #4
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    Originally posted here by Computernerd22
    When you do online banking with BankofAmerica they want you to use your social security number as the login name, then they issue you a password Also, the "secure connection" is

    SSL 3.0, RC4 with 128 bit encryption (HIGH); RSA with 1024 bit exchange.
    I'm not sure how many other banks do similar activity?

    WOW, so your login is a known information, and your password is created by an algorithem (only psudorandom.)

    BoA has never been knwn for there high security markes these are the dopes that got their atms infected with code red. Seems that the ATM's where running win2k pro, had MSDE running and instead of secured connections to the fed net like they are supposed to have they connected to standared ISP's the VPn'd to fed net a very big no-no that could have exposed the entire banking network to the outside world. they got smack around a bit for that stunt.


    I would stay away from Chase, just did a 9 month stint with them, no one there takes windows security seriously, the admin password is stupid easy to guess (they change it every 6 months but the new one is also stupid easy to guess). ports open to the outside world that don't need to be, we caught one intruder while I was there (got lucky) but there are probably more, no log managment, most of the useful information isn't logged (in TSS which is where I was we fix that but for personal accounts this is still true) At least they have RSA keys for dual authentication to secure your identity. Oh and they are outsourceing all of there IT security to a shop in india (well techincaly offshoreing they bought up the outsourceing firm so it looks like they are moveing jobs not laying people off)
    Who is more trustworthy then all of the gurus or Buddha’s?

  5. #5
    Member
    Join Date
    Dec 2003
    Posts
    41
    I believe the original quote talked about Phishing. What good is the SSL 3.0, RC4 ... if you give out your password to a phishing site. I always make sure to examine the url in the browser and perhaps open the TCPView from sysinternals to see where exaclty am I connected before entering the user info, especially when credit card or bank account is invovled.

  6. #6
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    exactly. I recently noticed that ebay is trying to combat this by making you check a "my messages" area inside the site. They specifically say they will not send emails with a link in it any more.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  7. #7
    T3h Ch3F
    Join Date
    Sep 2001
    Posts
    718

    Greetings

    Although this might simplify things too much, I think it comes down to the basic fact of who you bank with. And how much is at stake.

    At least in this country (USA), we have the FDIC. Which provides a "safe" guarantee up to $100,000,00. I would imagine that the choice of your bank is more important than your acct. itself. Unless you have more than the average Joe to lose.

    In most cases fraudulent activities will be absorbed by the (reputable) bank in question. Although this does not account for the possibility of identity theft, the better the bank the more budget, the better (hopefully) the security......................

    www.fdic.gov/bank/individual/online/safe.html


    Common sense in this case is important.


    If not a large hole in your backyard is better.

    Get some good religion from Bad Religion.

  8. #8
    Junior Member
    Join Date
    Mar 2005
    Posts
    21
    The CAM bank in Spain uses a numeric "keyboard" to type you password. You have to use the mouse and not your PC keyboard to select the numbers . The numeric keyboard on the screen is never the same.
    JC

  9. #9
    T3h Ch3F
    Join Date
    Sep 2001
    Posts
    718

    Heheh

    The CAM bank in Spain uses a numeric "keyboard" to type you password. You have to use the mousse
    Is it Chocolate mousse? hehe J/K



    BTW Welcome to AO!

    Some weird shriveled green up apples for ya. lol

    Good ppl. here.


    Get some good religion from Bad Religion.

  10. #10
    Junior Member
    Join Date
    Mar 2005
    Posts
    21

    This is why I was always last in the classroom, never checked my work. BTW I am not an English Speaker so I guess I have got an excuse.
    JC

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •