funsec mailing list archives
Re: Bank security
From: Drsolly <drsollyp () drsolly com>
Date: Thu, 23 Jul 2009 13:10:21 +0100 (BST)
I think the way it works is this. You have the people who actually understand A) security and B) how computers work and C) how email works and D) how the internet works and E) the things that people get up to and F) the stupid things that users do. That's a small number of people. Me, of course, and obviously you. Then you have the people who write the rules that banks make for themselves. They understand a few of the above, and, of course, they're pants at communication. Then you have the bank staff who try to comply with the rules so incomprehensibly written, and without any understanding of the basis for those rules, which themselves were written by goldfish. But what they do understand, is that if they stick to the rules, they can't be fired if something goes wrong, and if they don't stick to the rules, they can be fired. And then you have the users; that's you and me again, plus your granny, plus Joe Lunchmeat, plus Evir Ghord Hruwhem. All we want is a convenient service without any stupid security restrictions. Except we don't want anyone stealing our money. And we don't know the rules the banks work by, because they're secret, except when we bump up against one of them, and even then we don't find out what the rule is, we only find out what the bank clerk thinks the rule is. On Wed, 22 Jul 2009, Rich Kulawiec wrote:
On Wed, Jul 22, 2009 at 09:43:55AM +0100, Drsolly wrote:And this is a bank. And we wonder why there's fraud ...About a year ago, I went several rounds with a local financial institution while trying to deposit money into an account. They wanted a thumbprint in order to verify that fraud wasn't being attempted, and were utterly impervious to the point that it was a DEPOSIT, not usually a profitable means of fraud. ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Bank security, (continued)
- Re: Bank security Larry Seltzer (Jul 22)
- Re: Bank security John C. A. Bambenek, GCIH, CISSP (Jul 22)
- Re: Bank security Tomas L. Byrnes (Jul 22)
- Re: Bank security Drsolly (Jul 22)
- Re: Bank security Larry Seltzer (Jul 22)
- Re: Bank security Drsolly (Jul 22)
- Re: Bank security Larry Seltzer (Jul 22)
- Re: Bank security Drsolly (Jul 22)
- Re: Bank security Drsolly (Jul 23)
- Re: Bank security Rob Thompson (Jul 23)