Russell Sharpe wrote:
I agree,
I'm not an application security expert, but why can the banks issue an authentication certificate, and only allow connections to those who are authenticated?
Using certificates for authentication is fraught with problems, that's why no one does it. IMHO the only way to go is to use some form of two factor auth (SMS is promising) but the question is will the customers tolerate it. If anything is implemented then I suspect it will have to be by all banks simultaneously.

As others have pointed out, at the moment the banks are prepared to wear the cost of fraud (as they do with CC) and ultimately we (the customers) pay in the price of fees.

Hmmm... I can see the day when I have half a dozen auth tokens in my pocket. :( Now if we could get a standard crypto token...

Russell

Russell Fulton, Information Security Officer, The University of Auckland.