Ian said:
Cost to the user - far from a downside - if a smartcard
reader becomes essential and they have to spend some money
they might realise what all the fuss is about and get a bit
more security conscious.
I doubt it.
They would probably be so annoyed that the "mega rich" banks are now
charging them for even more stuff that "they don't need" just to
become more rich.
Some users might realise that the smart-card can be appropriate, but
would still be upset at the cost and probably try to switch banks.
Personally, I wouldn't want to go through all the trouble of buying
and installing a smart-card reader, typing in thousands of passwords,
etc, just to pay of my credit card account.
Either I'd find another way (via branch, or something) or switch banks
(if possible) to one that provided me with _simple_ access but also
took responsibility if my account was "phished".
The only way _customers_ will get more conscious is when the bank
forces this "non-repudation" on all of them, such that if their
account _is_ phished the bank doesn't have to pay them back.
Banks need to get security conscious first so that they are _able_ to
implement this non-repudation, (and so that it is fair for customers
to have this responsibility thrust upon them), then we can take the
next step and have the customers take responsibility for themselves!
-- Michael
Ian
----- Original Message -----
From: "Rogan Dawes" <discard@dawes.za.net>
To: "Lyal Collins" <lyal.collins@key2it.com.au>
Cc: "'Florian Weimer'" <fw@deneb.enyo.de>; "'Rafael San Miguel'"
<smcsoc@yahoo.es>; <webappsec@securityfocus.com>;
<Enrique.Diez@dvc.es>
Sent: Monday, January 24, 2005 12:22 PM
Subject: Re: Proposal to anti-phishing
Old PC's can use serial or parallel readers, more recent
PC's can use
USB readers. Still NEWER machines can use integrated card readers.
Where's the downside?
