Is your banks Online security policy making it more of a target for Phisher's?

Published: 2006-12-04
Last Updated: 2006-12-04 17:49:31 UTC
by Deborah Hale (Version: 2)
0 comment(s)

This morning in the Handler's secret room, we were having a discussion about financial institutions and there supposed security policy making them a lucrative target for spamming and phishing.  Our discussion centered on
how they attempt authentication and if this authentication actually increases the likelihood that your account will be compromised. 

One example:
A bank or financial institution implements a security policy that requires you to answer a question in addition to your user id and password.  This sounds great right, a "two factor" method of identification.  Well, maybe not...  You see, if you can't answer the question correctly in addition to your correct user id and password, your account gets locked out.  Ok so now what.  You call the bank and say darn it all my account got locked out....  What does the bank say?  Ok we will reset your password, what email address do you want the new password sent too. Oh, by the way - the new password email will not come from us.  We have someone else send it.  Hmmmm....  Oh - by the way, you may want to check your spam filter because the email make get stopped.

Seriously, what are they thinking? 

What do you think?  Does your bank or financial institutes method of authentication make you a more lucrative target?



Keywords:
0 comment(s)

Comments


Diary Archives