posted by [personal profile] fanf at 12:10pm on 21/10/2008
That is quite a good idea. However banks are HOPELESS at anti-phishing security. For example, their use of domain name branding so you don't know which domains are legit marketing exercises and which are fraudulent look-alikes. A recent real example of a bank using phishing techniques in legitimate email was <a href="www.barclayswealth.com">www.stockbrokers.barclays.co.uk</a>. So I don't have much confidence in them implementing useful security techniques.
 
posted by [identity profile] del-c.livejournal.com at 01:14pm on 21/10/2008
And they're not thrilled by everyone knowing they're hopeless, which makes "throw a light on the scope of the problem for a few days" the last thing they want to do, if it isn't going to do anything else.
 
posted by [identity profile] james-r.livejournal.com at 07:00pm on 22/10/2008
Surely rather than sending out a 'warning' image if a non-recognised referrer is used (which the fraudsters would just stop using banks' official websites for images straight away), it would be better to silently use that information to mark up the fraud probability warning on a given transaction initiated from that user (which they already do if they've half a clue).
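
The silent approach from the last comment, sketched as an added example that is not part of any comment above: image requests whose Referer points at a foreign site are counted per client, and that count raises the score of later transactions instead of changing what is served. The host names, the combined log format, the use of client IP as the join key and the score values are all assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: hosts the bank itself serves pages from (placeholder names).
TRUSTED_HOSTS = {"bank.example", "www.bank.example"}
# Combined Log Format: ip - user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"'
)
IMAGE_RE = re.compile(r"\.(?:png|gif|jpe?g)(?:\?|$)", re.I)

def referer_host(referer):
    """Return the lowercased Referer host, "" if unparsable, None if absent."""
    if referer in ("", "-"):
        return None  # stripped by browser or proxy: no evidence either way
    try:
        return (urlsplit(referer).hostname or "").lower()
    except ValueError:
        return ""

def untrusted_image_hits(lines):
    """Count, per client IP, image fetches referred from a non-bank page."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not IMAGE_RE.search(m["path"]):
            continue
        host = referer_host(m["referer"])
        if host is not None and host not in TRUSTED_HOSTS:
            hits[m["ip"]] += 1
    return hits

def risk_score(base, client_ip, hits, bump=25, cap=100):
    """Raise a transaction's fraud score silently; the response is unchanged."""
    return min(cap, base + bump) if hits.get(client_ip) else base

# Constructed sample log lines (documentation IP ranges, placeholder hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Oct/2008:12:10:00 +0000] "GET /img/logo.gif HTTP/1.1" 200 2326 "http://login-bank.example.net/verify" "Mozilla/4.0"',
    '198.51.100.4 - - [21/Oct/2008:12:11:00 +0000] "GET /img/logo.gif HTTP/1.1" 200 2326 "https://www.bank.example/login" "Mozilla/4.0"',
    '192.0.2.9 - - [21/Oct/2008:12:12:00 +0000] "GET /img/logo.gif HTTP/1.1" 200 2326 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [21/Oct/2008:12:13:00 +0000] "GET /login HTTP/1.1" 200 512 "http://login-bank.example.net/verify" "Mozilla/4.0"',
]

if __name__ == "__main__":
    hits = untrusted_image_hits(SAMPLE_LOG)
    print(dict(hits), risk_score(10, "203.0.113.7", hits))
```

A missing Referer is deliberately not counted, since privacy tools and some proxies strip the header from legitimate customers.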
