Andy Linton
19/09/2005 4:15 p.m. >>> So you say it's ok for bank phishing. What about ebay/trademe/other auction/sales sites? Perhaps the correct response is some (more) user education and then allow evolution to take over - those people who are too stupid to work this out lose all their money and then they can't use the Internet any more. While ISPs will lose revenue from them they're probably the ones who cause 90% of the help desk calls and so profitability goes up and we all get more time for beer.
On a more general level it's a simple economic problem and we shouldn't be expending that much energy into finding a technical solution. The current level of bank fraud is _obviously_ acceptable to the banking institutions (1)... When it becomes unacceptable then we'll see more secure (yes, less convenient) methods of conducting e-banking. We'll probably also see the banks seriously publicise the issues and most importantly, we'll see the banks start shying away from accepting financial responsibility for these phished transactions - currently they wear most of the losses. Regards Neil Gardner (1) They are obviously acceptable because we haven't seen the banks go ballistic to close this down from their end - don't think they don't know how, or can't afford it... It's just more trouble than it's currently worth. If we keep trying to solve the problem from a technical perspective, the attacks just get better, and the banks get to sit (relatively) idly by and not have to solve the root problems. Neil Gardner Product Manager - Product Line Management Allied Telesyn Research Ltd New Zealand +64 3 339-9509 (ph) +64 3 339-3001 (fax) NOTICE: This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify Allied Telesyn Research Ltd immediately. Any views expressed in this message are those of the individual sender, except where the sender has the authority to issue and specifically states them to be the views of Allied Telesyn Research.