Of course you all should realize (if you do not know at this point) that the reason why your bank charges you fees is because your bank is a business in this economy. At all cost, your bank's goal is to provide services that are cheap for them, and as low of an impact of cost on the customer. If we are introducing something in legislature that would force all banks to be liable for the costs of these tokens, your bank is going to be in financial trouble (depending on the size of your bank I assume), and then eventually be bought out by another bank multiple times or close down. Wouldn't that be fun? So of course the bank is going to charge you to have these tokens, they need to make profit too.

Internet and secutiry wise, I think the tokens could be an advantage, or a reassurance of extra security for the customer. But I think the bigger problem lies in the carelessness and/or misinformed and/or uneducated customers who may not know about phishing, or how to keep their computers secured and up to date. Is every customer going to want to do that? We sure hope so.

Although, on the positive side of this, I can agree with anyone that the legislation and the tokens are going in the right direction that we should have been going in when Internet Banking was born. However, it is not the resolution.

If some of you have not known this, there is a new Windows (Windows Vista) coming out in the next year or so, and will feature a Phishing filter. This is where if you go to a Phishing site, Internet Explorer is going to warn you not to view the page or just simply block you out of it. I applaud Microsoft for finally coming up with something that is going to lead security in the right direction.

No matter how much you keep your computer up-to-date and secured, no matter how many firewalls you have on your computer, or popup blockers, no matter how many spyware scans you do per month, per week, per day, per hour, and no matter how safe you feel about being on secured website, there is ALWAYS going to be that risk of having your information compromised. If you have not seen the keyboards yet (from Microsoft) that have the thumbprint scanner on the left hand side, I think that tool could be an even bigger advantage than the tokens. So for example, you would have a UserID that you created, a Password that you created, and then when you go to sign on a window would come up and ask you to place your thumb on the keyboard thumb scanner, I think that feels secured enough.

I think what it comes down to is Financial Institutions should only be responsible for sensitive information that Financial Insitutions deliver that should have not been. All customers can do is point the finger and blame someone because they gave out their information to someone they do not know or necessarily trust.

That's just my opinion.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/363/32557#32557