On 15/02/11 22:09, Gordon Henderson wrote:
> On Tue, 15 Feb 2011, Simon Waters wrote:
>
>> My bank authorise all transactions via a card reader, so the main trust
>> is between the bank's web server and my card reader
>
> I wish mine did - (NatWest)

That'll be the one. Wouldn't want an attached card reader that would require software and create a whole host of complex vulnerabilities.

> They sent me a very nice challenge/response
> calculator that needs a card & pin to operate... (Any Chip & Pin card it
> seems, but I don't know if it somehow extracts the card's details and uses
> them in its calculations too)

It does.

> However it is only used to set up new payments, so it would be (should
> be) impossible for someone to get into my bank account, set up a payment
> to their own bank and make the transaction.
>
> Unless they also had a NatWest card calculator device.. or had stolen mine.

And a card associated with your account, and your PIN (although the PIN can probably be extracted from the card easily enough as I understand it), your date of birth and account number, your password and your pass number.

One thing you own, four things you know and a card reader, at least three of which you never type in complete form into your computer.

> So in theory the worst that could happen is that they get to see my bank
> details, laugh at my overdraft and that's it.

Yes. They can reset stuff, so again safety of your postal address is paramount. Teenagers, lodgers, and students are the usual ones to exploit the trust placed in postal addresses.

> Let's not forget this though: http://xkcd.com/538/

The number of people who could beat you with a rubber hose << the number of crooks connected to the Internet unless you travel a LOT on business.

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq