- FBI warns Hit Man e-mail scammer back
- 20 tech habits to improve your life
- Industry mourns slain Cisco exec
- 10 Firefox add-ons for better browsing
- Wireless LANs face scaling challenges
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Fourteen years ago I warned MyBank (which is not one of my clients; I am one of its) about using Social Security numbers as solid identification. The bank's head of security said he would look into it. Since then, the security at MyBank has gone from bad to worse. It's still a recipe for ID theft.
During a recent tele-banking transaction, I was instructed to enter my bank account and Social Security numbers. MyBank's "new and improved" system was using two pieces of publicly available information as proof-positive remote identification. When I confronted MyBank about this, it took 30 days to fix this gaping security hole.
Last month, MyBank assured me its online banking system was fixed. Logon security was decent: a long, secret account number generated by the bank, my federal EIN, a four-digit PIN and no cookies. As a test, I moved money to American Express and paid Al, a member of my staff.
Several days later, Al screams, "Where's my paycheck?" I had proof I sent it. Amex also said it had not been paid. I had proof I paid it. I called MyBank and asked for proof of receipt of funds by Amex and Al's bank, but was told the bank does not use acknowledgements from online transfers. The most disturbing security aspect is that no one at MyBank could tell me where my money was when it was not in my account and not in Amex's or Al's.
Then security at MyBank plummeted to a new low. The reasonable logon security had been shattered, as the long private code was no longer required. Now my publicly available account number and a mere four-digit PIN was the sole defense of any account that sits on the Internet. The obvious attempt to simplify the user experience is a devastating blow to security. An ATM card only requires a four-digit PIN, but it employs the "something you own, something you know," identification mantra. Silly me for expecting better banking security on the Internet.
When I once more attempted to pay my staff, Al was again the victim. His money was snafued in the labyrinth of MyBank's infrastructure. Without my knowledge or approval, a banking employee: (1) cancelled my payment to Al, (2) issued a payment from my account with something called a "forced check" to Al, (3) withdrew a duplicate payment from my account without my authorization and deposited it in Al's account, and (4) cancelled another payment to Al. The net effect of this security transgression was a cascade of bad checks, overdrafts and the freezing of Al's other accounts.
Rss FeedRss Feed
Aging network systems and old habits have dictated how businesses spend their IT budgets. As a...
Implementing HA at the Enterprise Data Center Edge to Connect to a Large Number of Branch OfficesThis paper reviews the problem of creating a network where the dynamic availability of services is...
Enterprise Data Center Network Reference ArchitectureUsing a High Performance Network Backbone to Meet the Requirements of the Modern Enterprise Data...
The standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Harnessing the power of communications to increase workplace performanceDue to the convergence of IT and telecommunications technologies, the business workplace has been...
Stay out of the headlines: Detecting and preventing network intrusionsHow do YOU stay out of the headlines? There is no denying that risk exists in our computer-driven...
We have so many holes punched in our firewalls today that many industry insiders question the value...
IP address management in 2008 - six things to knowRead this Network World Special Brief to learn how Enterprise IT managers must update their...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comment