Email Scams and Authentication

It is certainly not easy to reverse engineer these things. Don't you think that was priority Number One when they designed it? Apply your logic to the Sky encryption system and there would be free TV for all by now; after all, there are probably 10 million cards and digiboxes out there and have been for years.

Same goes for GSM encryption for example, even when the algorithms have been cracked it takes a huge amount of compute power to break in, which is why people go for easier methods like nicking the phone.

You could say the same about any system once the keys/passwords/details were released.

Tumbleweed

True, you don't, but the technology is the same. Encouraging one part of it into widespread use will open the floodgates to proliferation of the other.

Ronald Raygun

I'm slightly disappointed RBS are merging the second level authentication with the first.

I have always been very happy with the request for random characters from the password, and especially when the second level (transfer of money etc) involved a different request of random characters from a different password.

It makes it easier for the user to remember only one password; however, I feel it is a backwards step in the security of the system.

Cheers

Trevor Marshall

The banks, at least Bank of Scotland, seem to employ people who can hardly write valid HTML, CSS and JavaScript that work in something other than Windows/IE -- just look at their "Internet Service". The ability to plan, implement and maintain something like authentication and certificates seems to be impossible in this light. Or it might be too expensive to employ those who understand the problem and the means/tools to rectify it.

So they prefer to refund the monies "in the unlikely event of fraud" instead.

Vadim

Vadim Borshchev

My BOS account works fine in Firebird, also in Opera if I maximise the windows.

Given that many other sites do not work at all with anything other than IE, this is not that bad IMHO.

Andy

me

They have managed to screw the "old" Internet Banking completely this summer. The argument was pretty standard -- "The majority of customers use Windows and IE".

And there is another story evolving -- not about HTML and accessibility, but mostly about usefulness and competence:

1) I have made two payments into my CC account on Friday 5th and Monday 8th using their "new" Internet Service.
2) Received two instant emails confirming that the payments were accepted.
3) The monies were taken from my current account on Monday 8th and Tuesday 9th accordingly.
4) Today, as of 8.32pm Thursday 11th, the money is still travelling. Somewhere. "On unpaid vacation" [Ronald Raygun? :]
5) The lady in the call centre assured me that they haven't seen the payment and "we do not control the transfer, it is with your bank". If the money is not found on Friday, I have to fill in the "Lost Payment" form with my branch, said the call-centre lady.
6) My bank says that they have transferred the money to Halifax Card Services, and I can see it in the statement. If the money is not found on Friday, I have to ask Halifax Card Services to fill in the "Lost Payment" form, said the local branch.

Any ideas how to return (or push) the payment quickly and effectively? Any help is greatly appreciated.

Vadim

Vadim Borshchev

Assuming you mean me, I'm not Dutch ....

My understanding from Halifax, with whom I have a current account in the UK, is that if I use their online banking, transfers are possible after logging in with a user and password typed in IE.

I rejected it at this point so haven't experienced their security. Anyone care to tell me if my understanding was incorrect?

I was also recently asked by a Brit who had just accessed their account at a small email cafe in Malaysia how secure it was. He told me he just typed a user and password, which is what got me thinking about how (in)secure that is, and I came to the conclusions voiced here. I'd love to do everything online but am not prepared to when I am required (in theory - according to agreement) to take the loss in case of fraud and when I think the system is potentially (very) insecure.

David.

Software author. (please edit my email addr. to prove you're not a dumb 'bot)
Web Log Analyzer by Search Term
Kybie GetEmAll - Make IE an offline browser

david

You still need a PIN code as well. Presumably the machine could only be reverse engineered to translate a PIN code + code from bank to code to send back to the bank as authentication. The PIN is only typed in the handheld machine so no scope for Windows security holes or keyloggers or anything else to get it.

David.


david

Good, they have got better since I last looked then. But with a 4 digit PIN this is not good enough for me to accept.

Unfortunately you only get to try them when you sign the documents that you'll accept the loss when they lose your money. I only know how they say they work. Hmm, if they can't even get that right.

Perhaps just my British sensibilities but have the feeling you don't like me 'cos you think I'm johnny foreigner. Flattered again ;-))

David.


david

In message , david writes

Sorry, it was the best way to describe you. No offence!

I have no knowledge of their system, just three others.

I think that his experience is somewhat limited.

Point taken, but I think you will also accept that your experience of UK online banking is very limited?

john boyle

In message , david

You should try it. You don't expose yourself to any threat by logging on in the privacy of your own home, do you?

No, I reckoned you were English but it was easier to refer to you as being Dutch to make the point that you were making criticisms from abroad without actually having tried it recently, even recently. I'm glad you accept that.

john boyle

"david" wrote

Isn't your liability under fraud limited to 50 (max) under the CC Act??

Tim

In message , Tim writes

What's the Consumer Credit Act got to do with it?

john boyle

"david" wrote in message news: snipped-for-privacy@news.teranews.com...

To log in you need your ID, password and the answer to one of several questions.

Once in the system, you can set up transfers to other Halifax accounts and transfers to other organisations, be they banks or other concerns. I think that you can also set up regular payments, but haven't tried that one.

Terry Harper
