RE: Proposal to anti-phishing

[Michael Silk <michaelsilk () gmail com>]

Ian said:

> Cost to the user - far from a downside - if a smartcard 
> reader becomes essential and they have to spend some money 
> they might realise what all the fuss is about and get a bit 
> more security conscious.

I doubt it.

They would probably be so annoyed that the "mega rich" banks are now
charging them for even more stuff that "they don't need" just to
become more rich.

Some users might realise that the smart-card can be appropriate, but
would still be upset at the cost and probably try to switch banks.

Personally, I wouldn't want to go through all the trouble of buying
and installing a smart-card reader, typing in thousands of passwords,
etc, just to pay of my credit card account.

Either I'd find another way (via branch, or something) or switch banks
(if possible) to one that provided me with _simple_ access but also
took responsibility if my account was "phished".

The only way _customers_ will get more conscious is when the bank
forces this "non-repudation" on all of them, such that if their
account _is_ phished the bank doesn't have to pay them back.

Banks need to get security conscious first so that they are _able_ to
implement this non-repudation, (and so that it is fair for customers
to have this responsibility thrust upon them), then we can take the
next step and have the customers take responsibility for themselves!

-- Michael

> Ian
>
> ----- Original Message -----
> From: "Rogan Dawes" <discard () dawes za net>
> To: "Lyal Collins" <lyal.collins () key2it com au>
> Cc: "'Florian Weimer'" <fw () deneb enyo de>; "'Rafael San Miguel'"
> <smcsoc () yahoo es>; <webappsec () securityfocus com>; 
> <Enrique.Diez () dvc es>
> Sent: Monday, January 24, 2005 12:22 PM
> Subject: Re: Proposal to anti-phishing
>
>
> > Old PC's can use serial or parallel readers, more recent 
> PC's can use
> > USB readers. Still NEWER machines can use integrated card readers.
> > Where's the downside?