Technology Stocks : Intel Corporation (INTC)


To: prtscrn who wrote (182380) 10/18/2005 5:26:10 AM
From: aleph0
 
"OT, Amy J it looks like online account security is on its way."

On Banking Security...

Nearly "all" German banks use an almost foolproof mechanism.
PIN - Personal ID No.
TAN - Transaction No.
USB-CARD for double verification in some cases.

The customer receives a TAN list at their registered postal address. This is a list of normally ca. 50 6-digit random numbers.
Transactions can "only" be executed by inputting the "next free TAN" from the list. So it's not enough to break into an account - if you don't have the TAN list, you can't do anything.

I've heard of a few cases where hackers using "keyloggers" have trapped the TAN input and "reused" it for their own use. But AFAIK, these are VERY rare.

Surprises me that US banks don't have the same system - or do they?
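
The next-free-TAN check described in the post above, sketched server-side as an added example (not part of the original post and not any bank's actual code). The keyed-hash storage, the three-failure lockout and all function names are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 3  # assumed lockout threshold; the post does not give one


def _mac(key, tan):
    # Keyed hash so the server never stores the printed numbers themselves.
    return hmac.new(key, tan.encode(), hashlib.sha256).digest()


def issue_tan_list(count=50):
    """Return (printed, account): `printed` is mailed to the customer,
    `account` is the server-side state (keyed hashes in list order)."""
    key = secrets.token_bytes(32)
    printed = []
    while len(printed) < count:
        tan = f"{secrets.randbelow(10**6):06d}"  # 6-digit random number
        if tan not in printed:                   # no repeats within one list
            printed.append(tan)
    account = {"key": key, "macs": [_mac(key, t) for t in printed],
               "next": 0, "failures": 0}
    return printed, account


def authorize(account, tan):
    """Accept only the next free TAN and consume it on success."""
    if account["failures"] >= MAX_FAILURES:
        return "locked"
    if account["next"] >= len(account["macs"]):
        return "list exhausted"
    expected = account["macs"][account["next"]]
    if hmac.compare_digest(expected, _mac(account["key"], tan)):
        account["next"] += 1      # this TAN can never be accepted again
        account["failures"] = 0
        return "ok"
    account["failures"] += 1
    return "rejected"


if __name__ == "__main__":
    printed, account = issue_tan_list()
    print(authorize(account, printed[0]))  # next free TAN
    print(authorize(account, printed[0]))  # same TAN replayed
    print(authorize(account, printed[1]))  # following TAN
```

Because a TAN is consumed the moment the server accepts it, a copy captured from the keyboard afterwards is rejected on replay.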



To: prtscrn who wrote (182380) 10/18/2005 6:35:59 AM
From: Amy J
 
RE: "Federal regulators will require banks to strengthen security for Internet customers"

Good!

RE: "they physically have, like a hardware token with numeric access codes that change every minute."

Your thumb is always physically with you, so they should use fingerprint technology thru a tiny USB thumbreader.

It would be horrible if the solution was different hardware tokens for each and every brokerage firm and bank, for goodness sakes. I would lose all of them.

RE: "biometrics or "smart" cards"

Biometrics = fingerprint technology = yes = smart solution.

smart cards = no. Smart card is not universal to any devices, and is too large for small PDA/mobile devices. And people should not be forced to carry a ton of smart cards in their wallet/purse that they will only lose! Arg! Bad solution.

RE: "one-time passwords on scratch-off cards or require "secret questions" about a customer's account, such as the amount of the last deposit"

Bad solution. I would lose all of these cards and I *never* know what any last deposit is, whether that deposit is a credit, my paycheck, dividend, interest payment or what-have-you. Also, for corporations, they have no clue what their last revenue deposit is, unless they are already logged into their accounts - that's catch-22!

RE: "Web user's physical location and compare it to the address on file."

Very bad solution. Not everyone has a housespouse at home that can dink around all day long with bank accounts. Some of us actually work for a living and are more MOBILE than banking executives' stay-at-home spouses. Do these bankers want a slower GDP by creating a poor solution where people have to stand in one location in order to do their banking? This only would be useful as an "add-on option" for those people who cannot be mobile, such as some of the handicapped.

RE: "password entry through mouse clicks instead of typing"

A mobile wifi device does NOT have a mouse. Use fingerprint.

RE: "the policy could stimulate wider use of two-factor authentication by other merchants"

This is why it needs to be standardized hardware that works with Windows and OEMs, like a standardized USB-thumbreader - which could connect to every device (notebook, PC, PDA, wifi mobile, etc.)

RE: "VeriSign is"

What do they know about standardized hardware deployment, integration testing with notebooks, mobiles, etc.? They probably would come out with some non-standard solution that doesn't work with Windows nor Dell. That would suck. I'd have to find a different country to do my banking.

Until banks get their act together, why can't banks/brokerage firms simply let people request "money can never be removed from my accounts unless it goes thru a two week waiting period after snail mail & email confirmation for such a request of withdrawal, and has notarized signature." The biggest fear anyone has, is if their money is withdrawn, so why is it so hard to give customers an option to request money cannot be withdrawn unless the special hurdles are performed?

Regards,
Amy J