funsec mailing list archives
Re: The solution to Phishing
From: Drsolly <drsollyp () drsolly com>
Date: Tue, 25 Oct 2005 16:02:27 +0100 (BST)
> Thanks for the economics lesson...
You're welcome. Since this is a public list, there might be at least one person reading these postings that didn't know.
>>> extra %'age on my mortgage
>>
>> Your mortgage % is based on the general interest rate, plus a bit more that represents the risk that you'll default. Phishing won't affect that.
>
> Wrong. The risk of such defaulting (not the risk _I_ will default, but the statistical average risk) is partly determined by the rate and level of fraud perpetrated against the bank's customers. Phishing-related fraud probably has a very small effect there, but it will have some effect.
A very small effect indeed; a mortgage isn't something that you can draw cash out from, so why would a phisher phish a mortgage account? I find it hard to see how a phisher would damage you by paying off all or some of your mortgage. I suppose one could call this "reverse phishing"; people discovering your account details so that they can give you money.
> <<snip>>
>
>>> So, how much is it costing _me_ to support the current level of idiot allowed to use the currently very weak online banking, sales, etc business?
>>
>> It doesn't have to cost you anything. Just choose a bank that doesn't offer online banking; ...
>
> Can't. All NZ banks offer online banking. Most are very actively _encouraging_ its (and telephone banking's) adoption and use. And anyway, _current_ online banking _is_ safe enough for me as I am not an idiot user AND I find online banking really handy and desirable, so dropping it is not actually the solution I'm looking for. Finally, if a bank did not offer online banking, its _other_ costs would probably be higher, so would I really be better off??
>
>> ... market forces lead to survival of the fittest banks.
>
> In this regard, all my choices are equally "unfit"...
>
>> If you can't find such a bank, then that's excellent news - it means that there's a market opportunity for you to start one. If by doing that, you can make your bank charges lower, you'll prosper. If that doesn't lead to lower bank charges, then you've discovered something useful.
>
> And your serious suggestion is?
To start up a bank. What, did you think that was impossible? Lots of people have done it, you don't need a licence (provided you pretend that you aren't a bank) and you don't even need any capital. The one that comes most readily to mind is Paypal. And in the New Zealand Fitzgerald Bank, online services will only be available to those who can demonstrate a degree of Clue. Alternatively, in the NZFB, online services will use an authentication system that can't be phished.
>>> I'd be much happier if I could easily find the comparative monetary cost of what is currently the banks, CC companies, etc deciding that current practice is (near enough to) "safe enough"...
>>
>> Interest rates are, in the long run, the rate of inflation plus about 2 or 3 % (look at the yield on undated gilts). Anything more than that, is either a risk premium or a profit. So, look at what you're paying, and you can calculate it.
>
> That doesn't tell me the actual cost of phishing and other identity-theft related fraud,
It tells you the cost to *you* via the higher interest rates you're paying.
> and much as we see estimates of such losses/costs (usually in terms of "X million per year", either for a specific bank or a whole country's banking industry), I seriously doubt they are ever vaguely accurate.
Of course they aren't, these are made-up numbers for the purposes of sky-is-falling journalism. Of course, no-one takes these figures seriously, just as no-one takes all the other sky-is-falling stories that the press runs at all seriously. Which, of course, is unfortunate if you live in a city where the sky really is about to fall (New Orleans a couple of months back, for example).