User negligence?

ken emery ken at cnet.com
Mon Jul 28 04:31:26 UTC 2003


On Sun, 27 Jul 2003, Stephen Sprunk wrote:

> That's not even the dumbest part.  You can reset your password at most
> banks, insurance companies, stores, airlines, etc. by claiming you forgot
> it; they'll happily reset it to your mother's maiden name, SSN, or some
> other publicly-available datum.

NOTE:  I've had over $42,000 stolen from bank accounts via the internet.
Take that into account when you read this...

First of all security of the physical and network bank web sites may
very well be up to snuff.  However when you combine with the customer
service side of things for the whole package BANK SECURITY IS AN
ABSOLUTE JOKE!  At one bank I was at someone called up claiming to be
me and set up my web account and wired themselves $9,500 three times
over a two-day period.  They even called the bank back asking what
was taking so long and why the money wasn't in their account yet.  When
I found out about this a month later (I had no reason to check the website
since I didn't use it) the bank was able to reverse two of the transfers
and ate the other one (no one ever said thieves were smart, they never
moved most of the money out of the destination account).  During
the conversations with the bank I asked that the account be disabled and
never enabled again and to have this request noted.  Well about 8 months
later someone called in claiming to be me and got the account reenabled.
They had a bank check made out to themselves for about $13,500 and sent
via postal mail.  Fortunately they got caught cashing the check in AZ
and are now in jail awaiting trial.

That however is not the end of things.  I haven't had any more money
stolen, but at another bank, which I have been at for well over 10 years
thus predating any web site, they automatically set up web accounts with a
default password (last four digits of your SSN).  When I heard this I said
to myself "oh %^&*!" I asked to have the web account disabled and was
told this could not be done.  So I immediately went back to my computer
and changed the password.  Fortunately no one has done anything with that
account.

Basically while the network security may be there that is only part
of the package and the rest of the package is not up to snuff.  The
big "problem" in my eyes is that physical presence is no longer necessary
so it is next to impossible to catch these thieves (unless they do stupid
things like the ones who stole from me).  A sophisticated criminal will
probably be able to get away with millions of dollars in a very short
period of time and be able to vanish without a trace.

I'm not sure what needs to be done, but the security as now implemented
is not even close to enough IMHO.  Networkwise (to bring this back on
topic) I'm not sure there is really much that can be done.

bye,
ken emery



