[Gllug] Any UK banks using one time passwords / secure ID tokens ?

Daniel P. Berrange dan at berrange.com
Sun Oct 2 13:56:34 UTC 2005 

On Sun, Oct 02, 2005 at 02:38:52PM +0100, Alain Williams wrote:
> > 
> > At an absolute bare minimum, I'd like to be required to use one time 
> > passwords and/or one time keys from a secure ID generator token. I hear
> > such measures are common practice in countries such as Sweeden, but thats
> > not much use for me. So, my question, does anyone know of any UK banks
> > which are providing this kind of level of serious security ?
> 
> As far as UK banks are concerned, security means protecting their own security.
> They want to offload the responsibility for something going wrong onto someone else.

Yeah, unfortunately pretty sums up the problem. You can see a similar attitude
with the introduction of chip+pin, and the dispute resolution process

  http://www.cl.cam.ac.uk/~mkb23/spin/problems.html#dispute

  "UK banks have a voluntary code of practice that is supposed to say what 
   happens in the case of a phantom withdrawal. You can see the clause on 
   liability here. It says that the bank must show that the customer acted 
   fraudulently or without reasonable care, otherwise reimburse the customer 
   fully. Initially this seems very promising, however there are big gaps.
    ...

   The banking code of practice is thus inadequate to protect the customer. 
   The signature on receipt system provides much better dispute resolution 
   for customers. Using a PIN is thus not in the customer's interest."

Dan.
-- 
|=-            GPG key: http://www.berrange.com/~dan/gpgkey.txt       -=|
|=-       Perl modules: http://search.cpan.org/~danberr/              -=|
|=-           Projects: http://freshmeat.net/~danielpb/               -=|
|=-   berrange at redhat.com  -  Daniel Berrange  -  dan at berrange.com    -=|
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20051002/29cc66b8/attachment.pgp>
-------------- next part --------------
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

More information about the GLLUG mailing list