Re: Nordea Sweden shuts Internet banking due to targeted phishing

[Valdis.Kletnieks () vt edu]

On Wed, 05 Oct 2005 15:14:25 BST, Craig Webster said:

> This is only true so long as clients actually care about security and don't 
> think "oh it'll never happen to me; I'll stick with my current bank because 
> it's less hastle."

And a lot of people managed to miss a point that Schneier keeps making: Security
is about *tradeoffs*.

I do business with a bank that's somewhat underclued in the e-security area,
and admitted it when I went to talk to them about it.  However, they'd have to
be a *lot* more unclued than they are before their lack of clue on this one
thing outweighed the benefits of my having done most of my banking there for
the last 15 years - everything from them having more ATMs in the places I need
them on a daily basis (and avoid a $2.50 charge each time) to the fact that in
the last decade, none of the other banks with a presence around here has made a
better offer for my business. Cheapest, most convenient, *and* most helpful -
it's gonna take a lot to make me move. :)

And defence in depth helps here too - my bank is a bit weak on the e-security side,
but they've called me several times when they've spotted an anomalous transaction
(turned out each time I'd done something truly oddball compared to my usual
business pattern - but they did in fact notice the oddness..)

Attachment: _bin
Description:

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.