Online Banking

[MrBabis]

Source: http://www.antisource.com/article.ph...e-banking-2006

Phishing has become so prevalent that banks must take additional precautions to avoid losses. Unsuspecting Internet users are being fooled into providing their login information by spam emails sent by scammers which appear to be from the financial institution itself.

There are three basic ways of identifying a legitimate user; something they know, something they have, and something they are. Two-factor authentication means that two different types must be used to allow logins.

May we feel us safe?

There are a number of different methods that will satisfy the new requirement:
- Card readers which generate a password when a card is swiped
- Tokens, which can plug into a USB port
- Password generators that create one-time use passwords
- Fingerprint or retinal scanner
- Scratch-off cards that have a series of one-time use passwords

[the_JinX]

I use online banking with Rabobank a lot..
They have two-factor authentication.

You have a 'random reader' which needs your card and pin code to generate a one-time use password to log in.

To finalize any transaction you get a 10 digit integer from the site which you have to provide to the 'random reader' allong with your card and pin code. This generates another one-time use password.

I do feel as safe as I should be..
There's IMHO a bigger chance of me being mugged while getting cach from an ATM.

[Computernerd22]

When you do online banking with BankofAmerica they want you to use your social security number as the login name, then they issue you a password Also, the "secure connection" is

SSL 3.0, RC4 with 128 bit encryption (HIGH); RSA with 1024 bit exchange.
I'm not sure how many other banks do similar activity?

[bballad]

Originally posted here by Computernerd22
When you do online banking with BankofAmerica they want you to use your social security number as the login name, then they issue you a password Also, the "secure connection" is

SSL 3.0, RC4 with 128 bit encryption (HIGH); RSA with 1024 bit exchange.
I'm not sure how many other banks do similar activity?

WOW, so your login is a known information, and your password is created by an algorithem (only psudorandom.)

BoA has never been knwn for there high security markes these are the dopes that got their atms infected with code red. Seems that the ATM's where running win2k pro, had MSDE running and instead of secured connections to the fed net like they are supposed to have they connected to standared ISP's the VPn'd to fed net a very big no-no that could have exposed the entire banking network to the outside world. they got smack around a bit for that stunt.


I would stay away from Chase, just did a 9 month stint with them, no one there takes windows security seriously, the admin password is stupid easy to guess (they change it every 6 months but the new one is also stupid easy to guess). ports open to the outside world that don't need to be, we caught one intruder while I was there (got lucky) but there are probably more, no log managment, most of the useful information isn't logged (in TSS which is where I was we fix that but for personal accounts this is still true) At least they have RSA keys for dual authentication to secure your identity. Oh and they are outsourceing all of there IT security to a shop in india (well techincaly offshoreing they bought up the outsourceing firm so it looks like they are moveing jobs not laying people off)

[tarpi]

I believe the original quote talked about Phishing. What good is the SSL 3.0, RC4 ... if you give out your password to a phishing site. I always make sure to examine the url in the browser and perhaps open the TCPView from sysinternals to see where exaclty am I connected before entering the user info, especially when credit card or bank account is invovled.

[kr5kernel]

exactly. I recently noticed that ebay is trying to combat this by making you check a "my messages" area inside the site. They specifically say they will not send emails with a link in it any more.

[Galdron]

Although this might simplify things too much, I think it comes down to the basic fact of who you bank with. And how much is at stake.

At least in this country (USA), we have the FDIC. Which provides a "safe" guarantee up to $100,000,00. I would imagine that the choice of your bank is more important than your acct. itself. Unless you have more than the average Joe to lose.

In most cases fraudulent activities will be absorbed by the (reputable) bank in question. Although this does not account for the possibility of identity theft, the better the bank the more budget, the better (hopefully) the security......................

www.fdic.gov/bank/individual/online/safe.html


Common sense in this case is important.


If not a large hole in your backyard is better.

[TheNovice]

The CAM bank in Spain uses a numeric "keyboard" to type you password. You have to use the mouse and not your PC keyboard to select the numbers . The numeric keyboard on the screen is never the same.
JC

[Galdron]

The CAM bank in Spain uses a numeric "keyboard" to type you password. You have to use the mousse

Is it Chocolate mousse? hehe J/K



BTW Welcome to AO!

Some weird shriveled green up apples for ya. lol

Good ppl. here.

[TheNovice]

This is why I was always last in the classroom, never checked my work. BTW I am not an English Speaker so I guess I have got an excuse.
JC