Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases

[Gadi Evron <ge () linuxbox org>]

On 2007-06-28 09:57+0100, Jim Murray wrote:
> Dennis Henderson wrote:
> > When will the customer have to have at least some responsibility for
> > their action/inactions?
> >
> > I guess the person who invents the perfectly secure internet
> > transaction will be the richest person on the planet. Imagine being
> > able to conduct a secure pc based internet transaction with every kind
> > of trojan and keylogger installed....
>
> Very simple, though I can't (unfortunately!)  take credit for inventing it.
>
> Issue the customer with a numbered list of one-time passwords.
> For each transaction, have the bank computer require the use of one of
> those passwords, chosen at random.
>
> That way, no matter what trojans, sniifers or other garbage are on the
> PC the most they can capture is the password for one single transaction
> which instantly becomes useless for any future transactions.

"Please enter 10 of your TANs at random.

> Jim.
>
> --
>      DigitalDaemons IT Services.
> ---------------------------------------
>   E-Mail : jim () digitaldaemons co uk
>       PGP Key ID : 0xB7066495
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

--
--
"beepbeep it, i leave work, stop reading sec lists and im still hearing
gadi"
- HD Moore to Gadi Evron on IM, on Gadi's interview on npr, March 2007.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.