Hey all, hypothetical scenario: let's say someone accesses my internet bank account with my passwords (no guessing) and transfers funds to a dodgy bank in Nigeria or even a UK bank account obtained using identity theft. The funds are then promptly drawn out in cash and laundered.
Presumably under the circumstances, the criminals will get away, the bank will deny any liability and I will be left footing the bill for the fraud. Ouch! Was it my fault for letting the criminals get my password? Maybe not.
This may not sound as "hypothetical" as it may seem. I refer you to:
In a nutshell, using wireless keyboards (which myself and even banks are guilty of) can result in appropriately equipped fraudsters "listening in" on your keystrokes and obtaining passwords, account details, etc. At the moment I believe many off the shelf consumer wireless keyboards do not come with strong encryption (if any), and those that do encrypt have a mostly untested (and thus uncertain) level of security.
Anyone who has experience with this sort of thing knows that most of the time, things don't come 100% secure out of the box; you expose it to the public, holes are found and they are plugged.
You as the customer might be paranoid about security and have done no wrong, but if your bank's tellers use wireless keyboards then in theory someone could just queue politely & surreptitiously at their local busy branch for 15 minutes (or fumble at the ATM), gathering all the keystrokes for deciphering later. You may have done no wrong but as the victim, but you will foot the bill.
Who pays for fraud as described above? Is the burden of proof under the circumstances on the customer to prove that they didn't act irresponsibly with their password data (hard to prove a negative...) or can they simply point fingers at the bank and say that the bank's IT security was lax?
Is it just me, or why aren't more people worried about this?