Anger about banking network security.
I'm interested in network security for online banking sites. It's a huge problem that seems to be being summarily ignored, and shirked for the responsibility it represents.
And there is a huge, gaping hole in the response for what could be done.
Here's the problem: we're all under attack 24/7. Anyone who has an online banking account is at risk.
Banks have done some things, and sometimes they change for improvement.
My own bank recently instituted a questionnaire confirmation protocol, which isn't just annoying as hell, it is poorly designed and only designed to look like they're doing something effective.
The problem with questionnaire confirmation is that it only pops up when the protocol requires it to pop up.
In my bank's protocol, if a password or username is mistyped, a common enough occurrence, THEN the confirmation protocol of a pre-answered questionnaire arises. That won't catch the bank robbers though.
My bank uses their own list of inane questions that generally have no answer that can be remembered from the time when the questions were answered. My bank also wants an answer to every question in the questionnaire. And any failure or similarly mistyped answer wonks the whole deal and you have to call the bank to get reset.
It's a self-defeating pain-in-the-ass system of security.
And as you can see it's only designed to look effective.
"Trojan virus steals banking info" is the sort of thing we're all vulnerable to.
And the question here is, what is my bank doing about protecting me from such an infiltration?
Generally speaking, nothing.
Well, there is safety in numbers, or there could be safety in numbers. But no one has yet implemented the most commonsense approach to the security problem.
There should be a way for a user to transmit a personal sign-out word via email to themselves every time they sign out of their online banking account. This personal "mark" should be unconnected and unknown to the bank personnel. This is for our security.
This email would permit me to know when someone who was unauthorized accessed my account. When I sign out I would put a "mark" hidden in an email automatically sent to me, so I know I was the last person accessing my account, and most importantly that no one accessed my account between when I was there last and when I come back.
An email (including my "mark") should be sent to me every time I log off, and every time anyone logs off or accesses my online banking account.
Here's how it would work: I choose a variable "mark" (like a password) that I would then hide in the text of a short email I would write to myself from within my online bank account. Both I and my wife would use the same "mark" to sign out of my account.
We might choose breeds of dogs, or the day of the week plus one day, or birthdays, or anything that tells each of us, it was us that accessed our account. Guessing the "mark" would be tough, because it would be buried in a short email written by either of us with the intention of hiding the "mark".
That "mark"-email would be emailed to me. I would open the "mark"-email up, and see if it matched what we agreed upon to use as our "mark".
If there is an intrusion into my account I would get email notification of it, and I would be sure there was an intrusion, because there would be no such "mark" as I would recognize.
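The check described above, as an added example that is not part of the original post: a Python sketch of the account holder's side, assuming the bank sends one notification for every session end and using the post's "day of the week plus one day" as the rotating mark. The `Notification` record, the function names, and the inbox contents are constructed for illustration.

```python
import re
from dataclasses import dataclass
from datetime import date

DAYS = ("monday", "tuesday", "wednesday", "thursday",
        "friday", "saturday", "sunday")

@dataclass
class Notification:
    sent_on: date   # date the session ended (assumed to be set by the bank)
    body: str       # free-text note typed at sign-out; empty if none was written

def expected_mark(day: date) -> str:
    """Rotating mark from the post: the day of the week plus one day."""
    return DAYS[(day.weekday() + 1) % 7]

def classify(n: Notification) -> str:
    """Return 'ok', 'wrong-mark' or 'no-mark' for one notification."""
    words = set(re.findall(r"[a-z]+", n.body.lower()))
    if expected_mark(n.sent_on) in words:
        return "ok"
    if words & set(DAYS):
        # A weekday name is present, but not the one agreed for this date,
        # e.g. an old note copied into a later session.
        return "wrong-mark"
    return "no-mark"

def audit(inbox):
    """List every session whose notification does not carry the agreed mark."""
    return [(n.sent_on, classify(n)) for n in inbox if classify(n) != "ok"]

# Constructed sample inbox (2024-03-04 is a Monday).
INBOX = [
    Notification(date(2024, 3, 4), "Paid the gas bill, remind me Tuesday about the vet."),
    Notification(date(2024, 3, 5), ""),                                   # no note at all
    Notification(date(2024, 3, 6), "Checked balance. Tuesday as usual."), # stale mark
    Notification(date(2024, 3, 10), "Transfer done, talk Monday."),
]

if __name__ == "__main__":
    for when, verdict in audit(INBOX):
        print(f"{when}: session ended without the agreed mark ({verdict})")
```
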
Levels of security are the best personal protection.
However, this email-"mark" security methodology I have described adds a measure of safety in numbers, because, if I catch an intrusion into my account, I might save myself and everyone else a world of trouble for just spreading the word that an intrusion had occurred.
In all likelihood, as the attempts to crack the online safe unfold, the culprits are not going to be immediately successful at withdrawing money. But as security protocols are currently set up, no one has any way to know if, or even how many times, our account might have been breached.
This is problematic, troublesome and clearly points to negligence on the part of security personnel designing online banking systems.
As thieves are trying to hacksaw their way into my online bank account and your account and dozens of other accounts all the time, it would be nice to know if my account had been compromised before they actually start siphoning my funds. But we have no way to know this.
And most bank jobs are inside jobs. Read that sentence again.
And this protocol might even save the bank a world of trouble too.