funsec mailing list archives
RE: bankone/chase non-scam
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Mon, 11 Dec 2006 15:17:56 +1300
Larry Seltzer to Drsolly:
> > I would tell Aunty Gi, not to access her accounts online.
>
> Really, you think it's that bad? I think the benefits of online banking are so enormous that it's hard to blow it off like that.
For myself, I agree -- but then, unlike your Aunty Gi, I am well-suited to accurately and reliably make the critically important calls that affect _my_ online safety (and yes, unlike some other high-profile techies on this list, I _do_ use online banking because my judgement of the risks is that those I take are acceptable for the convenience pay-off, BUT I doubt I'd ever use an "online only" bank or take some deal like lower bank fees for using only online services). Sadly however, because most online banking users (perhaps those like your Aunty Gi?) are _not_ as well equipped as me to make those critical decisions, for the last several years my bank fees have continued to soar past the rate of general inflation _despite_ all of the bank's modernization, computerization, automation, reduction in face-to-face and voice-to-voice bank staff/customer interaction. Why? Because losses to fraud have gone up, reaching perilously close to (or surpassing) the "comfort level" already factored into the service fees, transaction margins and so on...
> If you were to tell Aunty Gi to ignore *all* mail purportedly from the bank, without exception, I doubt she would be in trouble with respect to online banking. The only real e-mails I've ever gotten from Bank of America have been informative, not critical.
And you're absolutely sure that Aunty Gi can tell that every (or most) actual scam Emails purportedly from her bank "informing" her that she has to verify her account details or whatever actually _are_ what you label "critical" rather than "informative"? Why don't you see that requiring entirely ill-trained, ill-prepared and ill-equipped users to make such decisions _IS_ the root of this problem? It doesn't matter how you fancy-up or dumb-down the language, the point is that there are no sufficiently reliable, trivially easy to use and teach the user to use properly ways of avoiding that problem with typical contemporary online banking and other Internet messaging protocols, etc. Placing the onus on the user in an information poor, technology poor frame to make the "right" decision, there will always be too many "ooopsies"...

Regards,

Nick FitzGerald