* Posts by Johnnicei

1 publicly visible post • joined 24 Dec 2016

Banks 'not doing enough' to protect against bank-transfer scams

Johnnicei

Re: Banks can only do so much...

Finger readers have been around for a long time, but it can be some iris scanner, blood analyzer, or anything else physical PLUS something you know like a password. The physical finger would be for example the first authentication and only then go to the password... this way it should be secure... if correctly implemented...

This would be some kind of HSM (Hardware Security Module), but in the format of a credit-card-sized calculator with a touch screen to display the information to be authorized in itself.

Can it contain flaws? Absolutely... especially if they are made in some countries that almost require it (like say: China, EUA, Israel, UK, France...)... but if not, it is such dedicated hardware that it doesn't need to include third-party software "add-ons", so it can really be secure... and several companies could be contracted to do security audits (design/implementation/code) to make sure of that.

Security can exist, but only within some narrow parameters, at least in computing technology (and yes, subject to knowledge and technological evolution).

The problem of the frauds is not about the bank, but about the clients! When someone's money is stolen, and the bank says it is the client's fault, even if the client couldn't have done anything to prevent it (like say: data stolen from his debit/credit card by wireless readers... because of that NFC technology that banks almost force on their clients... and many banks say that you either accept the card or you don't have any card at all... just search YouTube and you will be amazed at how easy it is to steal a debit/credit card these days with these NFC "wireless" cards)... then the customer will lose the money, and forget the insurance... it is almost impossible to get the money back... you have to prove it beyond any doubt and most likely go to the courts... depending on your country you may never see the money! And for some people £50 is nothing; to others it can mean that they won't eat that week.

Bitcoin-style money transfers, if really improved to be really secure/private/safe, would be a good idea... but for now it doesn't seem that will happen.

The security of quantum algorithms remains to be seen... problems seem to keep popping up every time someone really decides to give it a closer look... but some seem better than others, eventually something will come... probably from NSA to make sure there is a backdoor into everyone's devices like now with NIST P-256 and NIST P-384 (the only one that seems ok, "NIST P-521", has mysteriously disappeared from almost every browser's support, for example... because the spy agency says aes256+sha384+NIST P-384 would be just fine)... if the SPY agency says that and its job is to spy... and everyone else (NIST and Ecrypt II) says that to have 256 bit security you need AT LEAST a 512 bit hash and a 521 bit elliptic curve... I would see the recommendation of the 384 bits with great concern! But apparently I'm the only one.