WebApp Sec mailing list archives
RE: Proposal to anti-phishing
From: Michael Silk <michaelsilk () gmail com>
Date: Tue, 25 Jan 2005 09:14:46 +1100
Ian said:
Cost to the user - far from a downside - if a smartcard reader becomes essential and they have to spend some money they might realise what all the fuss is about and get a bit more security conscious.
I doubt it. They would probably be so annoyed that the "mega rich" banks are now charging them for even more stuff that "they don't need" just to become more rich. Some users might realise that the smart-card can be appropriate, but would still be upset at the cost and probably try to switch banks. Personally, I wouldn't want to go through all the trouble of buying and installing a smart-card reader, typing in thousands of passwords, etc, just to pay of my credit card account. Either I'd find another way (via branch, or something) or switch banks (if possible) to one that provided me with _simple_ access but also took responsibility if my account was "phished". The only way _customers_ will get more conscious is when the bank forces this "non-repudation" on all of them, such that if their account _is_ phished the bank doesn't have to pay them back. Banks need to get security conscious first so that they are _able_ to implement this non-repudation, (and so that it is fair for customers to have this responsibility thrust upon them), then we can take the next step and have the customers take responsibility for themselves! -- Michael
Ian ----- Original Message ----- From: "Rogan Dawes" <discard () dawes za net> To: "Lyal Collins" <lyal.collins () key2it com au> Cc: "'Florian Weimer'" <fw () deneb enyo de>; "'Rafael San Miguel'" <smcsoc () yahoo es>; <webappsec () securityfocus com>; <Enrique.Diez () dvc es> Sent: Monday, January 24, 2005 12:22 PM Subject: Re: Proposal to anti-phishingOld PC's can use serial or parallel readers, more recentPC's can useUSB readers. Still NEWER machines can use integrated card readers. Where's the downside?
Current thread:
- Re: Proposal to anti-phishing, (continued)
- Re: Proposal to anti-phishing Florian Weimer (Jan 19)
- RE: Proposal to anti-phishing ACMurray (Jan 15)
- RE: Proposal to anti-phishing Michael Silk (Jan 19)
- Re: Proposal to anti-phishing exon (Jan 23)
- RE: Proposal to anti-phishing Michael Silk (Jan 23)
- Re: Proposal to anti-phishing Rogan Dawes (Jan 23)
- Re: Proposal to anti-phishing Michael Silk (Jan 23)
- Re: Proposal to anti-phishing Rogan Dawes (Jan 23)
- Re: Proposal to anti-phishing Michael Silk (Jan 23)
- Re: Proposal to anti-phishing Rogan Dawes (Jan 23)
- Re: Proposal to anti-phishing Rogan Dawes (Jan 23)