Which goes back to the root of the *real* problem here. Banks are mainly concerned with physical security. Internet security has always been handled as more of an afterthought and mainly for reasons of due diligence. The real problem is the banks have a known security flaw with a simple password login for account access. That, as has been discussed here, is a significant flaw in the overall design of what should be a secure system and access method. The underlying issue here is that the bank, whom should be the subject matter expert, clearly is not. They offer one way, and one way only to access, arguably, our most sacred information. Furthermore, they offer very little, if any, training to their clients, the end-user. A quick thirty second blurb is not due diligence for an organization that values it's customers. The bottom line is if they offered a SecureID sort of setup, or any other of a number of methods out there that *would* circumvent a key logger or similar hack, the customer would more times than not, comply. Even at the customer's expense. Customers may not be technically savvy overall, but they value their own money above even the bank. If it's explained that the added cost/benefit is there, and is a real, tangible issue, a ten or twenty dollar nominal fee is just that, nominal. Until banks realize this, they are undoubtedly and unequivocally at fault. Bill G. -----Original Message----- From: Peter Galbavy [mailto:peter.galbavy@knowtion.net] Sent: Monday, July 28, 2003 3:13 AM To: ken emery; North American Noise and Off-topic Gripes Subject: Re: User negligence? ken emery wrote:

I'm not sure what needs to be done, but the security as now implemented is not even close to enough IMHO. Networkwise (to bring this back on topic) I'm not sure there is really much that can be done.

Don't forget the desperate need for user *and* staff education. I have now multiple time got calls from my bank asking to discuss my account. Could I just verify my details ? they asked. Er, you first, I said. They didn't get it. They didn't understand why, as someone who is lightly paranoid and understand more about security than they do, I was concerned that they couldn't prove they were from the bank... Peter