Re: Over 5 million Visa/MasterCard accounts hacked into

[InfoSec News <isn () c4i org>]

Forwarded from: *Hobbit* <hobbit () avian org>

One thing that astounds me is the raised eyebrows in most banking
institutions if a customer wants to trade in a credit card and get a
different number every six months or so [which is probably still not
frequent enough, considering our general thoughts on how often you
should change passwords].  They expect everyone to be happy with
essentially the same password for five years or so.  They really just
don't get it yet.

Something way better is needed, perhaps something that builds on the
one-shot payment credential system Amex was starting to work on is
needed -- the moral equivalent of s/key for your money.  The current
"fraud protection" is a joke -- *someone* has to eat way too much lost
balance every year, whether it's the consumer or not.

_H*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.