[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 28/04/13 20:41, Martijn Grooten wrote: > > Thing is, > quite a few banks do things right, and the really stupid things (like > requiring your mother's maiden name to gain access to your account) > don't really happen any more, if they ever happened in the first > place. But they do happen in the heads of some "security evangelists" > and I tend to hang out with some of these people. :-) The credit card processors we looked at around Christmas were determined amongst other things to know which "High School" my employer (a UK Limited Company) attended and who their "High School teachers" were in various years. So I fear the security evangelists are not imagining this. This is wrong on so many levels..... The account is for companies not individuals. It isn't customized for the UK. The answer (in the US, if honest) is probably in a year book somewhere, possibly online these days, and might be obtained by social engineering. I haven't seen the banks do really stupid things recently (well with their banking hat on rather than credit card handling hat), and the transaction confirmation via a card reader is a good idea, but the banks I've seen still do a whole raft of suboptimal things which would have cost little to get right in the first place if someone had thought about it a bit more. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq