[access-uk] Re: Chip and pin online banking.

Hi DJ.

The software approach is used by major financial institutions to control 
access to their networks and these businesses will have had their own 
dedicated security teams vetting out the applications but I agree that it's 
easy to think that a key fob would seem beyond hacking.  The key fobs do 
seem very reliable as they're nothing more than a bit of plastic with a 
small display and so no moving parts or the like.  These of course don't 
take a card to be inserted and I can see how those may be less reliable to 
wear and tear.

For those interested in the software approach, here's a link to one of the 
leading providers of software authentication applications
http://www.rsa.com/node.aspx?id=1156

Worth passing on to any banks looking at introducing new authentication 
processes.

Regards.

Kevin
E-mail: kevin.lloyd3@xxxxxxxxxxxxxx
----- Original Message ----- 
From: "Dj Paddy" <mygroups@xxxxxxxxxxxxx>
To: <access-uk@xxxxxxxxxxxxx>
Sent: Saturday, May 19, 2007 8:29 PM
Subject: [access-uk] Re: Chip and pin online banking.


> Kev,
>
> I'd say the key fob and/or keypad swipe things, are probably because, 
> "it's
> something you have", (part of one multi factor security spec).
>
> I wonder if they had a really good security team on this?  if they did the
> software could be considered more insecure than the hardware/software 
> combo?
> The software only approach, can be more vunrable to middle man attacks 
> than
> a hardware combo.
>
> I'm being a bit anal there because it's more about prevention than total
> lock down with this layered approach to security...
>
> Dj paddy
> Ôà
> ----- Original Message ----- 
> From: "Kevin Lloyd" <kevin.lloyd3@xxxxxxxxxxxxxx>
> To: <access-uk@xxxxxxxxxxxxx>
> Sent: Saturday, May 19, 2007 7:32 PM
> Subject: [access-uk] Re: Chip and pin online banking.
>
>
> Hi DJ.
>
> Yes, it's a one shot deal so no fear from key loggers at all.  Can't
> understand why the banks wouldn't have looked at this first before going 
> to
> the expense of producing and distributing hardware fobs.
>
> I'll take a look at the software providers web site when I get chance and
> post further details for anyone that may be interested or intending to 
> talk
> to their banks.
>
> It's ok saying that you can switch banks but if you have other issues with
> banks such as offshore call centres, extortionate fees, poor customer
> service and maybe based in countries with a lousy human rights record then
> you're not going to want to switch to them and, as already stated, we
> shouldn't have to suffer a lesser product or service when there are
> perfectly accessible and probably cheaper alternatives.
>
> Regards.
>
> Kevin
> E-mail: kevin.lloyd3@xxxxxxxxxxxxxx
> ----- Original Message ----- 
> From: "Dj Paddy" <mygroups@xxxxxxxxxxxxx>
> To: <access-uk@xxxxxxxxxxxxx>
> Sent: Saturday, May 19, 2007 4:10 PM
> Subject: [access-uk] Re: Chip and pin online banking.
>
>
>> Finger print recognition is tied in with bio-metric authentication, and
>> because it's an extra step is classed as a multi factor authentication.
>>
>> I think the software solution, Kev is currently using sounds grand.
>>
>> Kev, any ideas on how it works?
>>
>> Could key loggers compromise it or is it a one shot deal with the
>> generated
>> number?
>>
>> Dj paddy
>>
>> ----- Original Message
>>
>> ----- 
>> From: "Derek Hornby" <derek.hornby_uk@xxxxxxxxxxxxxxx>
>> To: <access-uk@xxxxxxxxxxxxx>
>> Sent: Saturday, May 19, 2007 2:56 PM
>> Subject: [access-uk] Re: Chip and pin online banking.
>>
>>
>> Barry says
>> "They will use multi factor authentication though eventually."
>>
>> I was wondering couldn't they use  fingerprint?
>> If our  fingerprint was  registered to our  accounts,  and if we could
>> send the finger print  down the ine,  then  no way  could it
>> be  someone else!
>> Regards,
>> Derek
>>
>> e-mail: derek.hornby_uk@xxxxxxxxxxxxxxx
>>
>> ** To leave the list, click on the immediately-following link:-
>> ** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=unsubscribe]
>> ** If this link doesn't work then send a message to:
>> ** access-uk-request@xxxxxxxxxxxxx
>> ** and in the Subject line type
>> ** unsubscribe
>> ** For other list commands such as vacation mode, click on the
>> ** immediately-following link:-
>> ** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=faq]
>> ** or send a message, to
>> ** access-uk-request@xxxxxxxxxxxxx with the Subject:- faq
>>
>>
>> __________ NOD32 2277 (20070518) Information __________
>>
>> This message was checked by NOD32 antivirus system.
>> http://www.eset.com
>>
>>
>> ** To leave the list, click on the immediately-following link:-
>> ** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=unsubscribe]
>> ** If this link doesn't work then send a message to:
>> ** access-uk-request@xxxxxxxxxxxxx
>> ** and in the Subject line type
>> ** unsubscribe
>> ** For other list commands such as vacation mode, click on the
>> ** immediately-following link:-
>> ** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=faq]
>> ** or send a message, to
>> ** access-uk-request@xxxxxxxxxxxxx with the Subject:- faq
>>
>
> ** To leave the list, click on the immediately-following link:-
> ** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=unsubscribe]
> ** If this link doesn't work then send a message to:
> ** access-uk-request@xxxxxxxxxxxxx
> ** and in the Subject line type
> ** unsubscribe
> ** For other list commands such as vacation mode, click on the
> ** immediately-following link:-
> ** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=faq]
> ** or send a message, to
> ** access-uk-request@xxxxxxxxxxxxx with the Subject:- faq
>
>
> __________ NOD32 2277 (20070518) Information __________
>
> This message was checked by NOD32 antivirus system.
> http://www.eset.com
>
>
> ** To leave the list, click on the immediately-following link:-
> ** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=unsubscribe]
> ** If this link doesn't work then send a message to:
> ** access-uk-request@xxxxxxxxxxxxx
> ** and in the Subject line type
> ** unsubscribe
> ** For other list commands such as vacation mode, click on the
> ** immediately-following link:-
> ** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=faq]
> ** or send a message, to
> ** access-uk-request@xxxxxxxxxxxxx with the Subject:- faq
>
> 

** To leave the list, click on the immediately-following link:-
** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=unsubscribe]
** If this link doesn't work then send a message to:
** access-uk-request@xxxxxxxxxxxxx
** and in the Subject line type
** unsubscribe
** For other list commands such as vacation mode, click on the
** immediately-following link:-
** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=faq]
** or send a message, to
** access-uk-request@xxxxxxxxxxxxx with the Subject:- faq

Other related posts: