funsec mailing list archives

Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases


From: Jim Murray <jim () digitaldaemons co uk>
Date: Thu, 28 Jun 2007 09:57:51 +0100

Dennis Henderson wrote:
> When will the customer have to have at least some responsibility for
> their action/inactions?
>
> I guess the person who invents the perfectly secure internet
> transaction will be the richest person on the planet. Imagine being
> able to conduct a secure PC-based internet transaction with every kind
> of trojan and keylogger installed....

Very simple, though I can't (unfortunately!) take credit for inventing it.

Issue the customer with a numbered list of one-time passwords.
For each transaction, have the bank computer require the use of one of
those passwords, chosen at random.

That way, no matter what trojans, sniffers or other garbage are on the
PC the most they can capture is the password for one single transaction
which instantly becomes useless for any future transactions.

Jim.

-- 
      DigitalDaemons IT Services.
---------------------------------------
   E-Mail : jim () digitaldaemons co uk
       PGP Key ID : 0xB7066495
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
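
The scheme described in the message above, sketched from the bank's side as an added example (not part of the original post and not any bank's code). The class and method names, the six-digit passwords and the choice to spend a position even on a wrong answer are assumptions.

```python
import hmac
import secrets


class OtpList:
    """Bank-side record of one customer's numbered one-time password list."""

    def __init__(self, count=10, digits=6):
        # Position -> password, exactly as printed on the customer's list.
        self._unused = {n: f"{secrets.randbelow(10 ** digits):0{digits}d}"
                        for n in range(1, count + 1)}
        self._pending = None  # position asked for in the open transaction

    def printed_copy(self):
        """The list handed to the customer out of band (assumed: on paper)."""
        return dict(self._unused)

    def challenge(self):
        """Pick a random unused position for the next transaction."""
        if not self._unused:
            raise RuntimeError("list exhausted: issue the customer a new one")
        self._pending = secrets.choice(sorted(self._unused))
        return self._pending

    def verify(self, position, password):
        """Check the answer to the open challenge; the position is spent either way."""
        if self._pending is None or position != self._pending:
            return False  # no open challenge, or an answer for another position
        expected = self._unused.pop(position)  # burned even on a wrong guess
        self._pending = None
        return hmac.compare_digest(expected.encode(), password.encode())


def demo():
    """Constructed run: one honest transaction, then a replay of what was captured."""
    bank = OtpList()
    paper = bank.printed_copy()
    pos = bank.challenge()
    captured = (pos, paper[pos])      # what a keylogger on the PC would record
    first = bank.verify(*captured)    # the customer's own transaction
    next_pos = bank.challenge()       # the bank now asks for a different position
    replay = bank.verify(*captured)   # the captured pair offered again
    return first, replay, next_pos != pos


if __name__ == "__main__":
    print(demo())
```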

