[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Sun, 2010-03-28 at 11:11 +0100, Gordon Henderson wrote: > On Sun, 28 Mar 2010, Simon Waters wrote: > > > NatWest have gone with making your end point a card reader they send > > you. So that the secure channel is between the bank and the card reader. > The coopbank solution seems OK to me. They send you a little card reader gizmo and when you want to transfer money between accounts you put your card in the gizmo and enter your PIN. Then you enter the 8 digit number displayed on the website on to the gizmo. This generates a number on the gizmo which has to be entered on the website (of course you've already done all the usual log on stuff, sort code, acc No. secret number and 1 of 4 random passwords). There is no secure channel as such So either the fraudster has gizmo, card and pin, plus all other details, or a fake site which replicates the entire functionality of coop bank it seems pretty difficult to be ripped off. If it is possible I'd really like to know how? (as a matter of interest because other than iris or fingerprint readers I can't think of anything safer). Simon -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html