funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Bank security

From: Drsolly <drsollyp () drsolly com>
Date: Thu, 23 Jul 2009 13:10:21 +0100 (BST)
I think the way it works is this.

You have the people who actually understand A) security and B) how 
computers work and C) how email works and D) how the internet works and E) 
the things that people get up to and F) the stupid things that users do. 
That's a small number of people. Me, of course, and obviously you.

Then you have the people who write the rules that banks make for 
themselves. They understand a few of the above, and, of course, they're 
pants at communication.

Then you have the bank staff who try to comply with the rules so 
incomprehensibly written, and without any understanding of the basis for 
those rules, which themselves were written by goldfish. But what they do 
understand, is that if they stick to the rules, they can't be fired if 
something goes wrong, and if they don't stick to the rules, they can be 
fired.

And then you have the users; that's you and me again, plus your granny,
plus Joe Lunchmeat, plus Evir Ghord Hruwhem. All we want is a convenient
service without any stupid security restrictions. Except we don't want
anyone stealing our money. And we don't know the rules the banks work by, 
because they're secret, except when we bump up against one of them, and 
even then we don't find out what the rule is, we only find out what the 
bank clerk thinks the rule is.



On Wed, 22 Jul 2009, Rich Kulawiec wrote:


On Wed, Jul 22, 2009 at 09:43:55AM +0100, Drsolly wrote:

And this is a bank. 

And we wonder why there's fraud ...


About a year ago, I went several rounds with a local financial institution
while trying to deposit money into an account.  They wanted a thumbprint
in order to verify that fraud wasn't being attempted, and were utterly
impervious to the point that it was a DEPOSIT, not usually a profitable
means of fraud.

---Rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: