Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Simple solution to online banking fraud?

  1. #1
    just me duncan drennan's Avatar
    Join Date
    Jun 2006
    Location
    Cape Town
    Posts
    2,642
    Thanks
    119
    Thanked 94 Times in 77 Posts

    Simple solution to online banking fraud?

    Mikko Hypponen has proposed a simple solution which could help to prevent the online banking fraud which has become so common place.

    Why do banks and other financial institutions operate under the public top-level domains, like .com? The Internet Corporation for Assigned Names and Numbers, the body that creates new top-level domains, should create a new, secure domain just for this reason—something like “.bank,” for example.

    Registering new domains under such a top-level domain could then be restricted to bona fide financial organizations. And the price for the domain wouldn’t be just a few dollars: It could be something like $50,000—making it prohibitively expensive to most copycats. Banks would love this. They would move their existing online banks under a more secure domain in no time.

    Full article on Foreign Policy
    It is really quite a simple idea, but could potentially stop a lot of fraud and phising. Websites with names like bankofamerica-online.com would easly be recognised as frauds. It almost seems overly simple, but the more I think about it, the more it seems like a relatively comprehensive solution.
    [SIGPIC]Engineer Simplicity[/SIGPIC]
    Turn ideas into products | The Art of Engineering blog

  2. #2
    Email problem RKS Computer Solutions's Avatar
    Join Date
    Apr 2007
    Location
    On the Internet
    Posts
    626
    Thanks
    0
    Thanked 1 Time in 1 Post
    Sounds like a great idea, but I see a few problems in that...

    How exactly do you convince a bank to fork over 50 grand for a new domain name, when they can't even be bothered to listen to their customers...

    Let's take FNB for example... I've requested simply for my statements to be emailed to me, verbally and 2 months later on an official letterhead stating that seeing as they weren't responding to my verbal requests (was in the bank), could I now get this done via a written request...

    5 months later I still walk into the bank once a month or so, drop the letter on their table and request my free statements (cost R90) because they are either not interested in filling my request or like loosing money... You decide...

    On another point, have seen various reports of clients reporting fraud on their bank accounts only for them to be told by the bank that because they were not super diligent in ensuring that they were visiting the correct site, they would not be able to help in recovering their money....

    Why would a bank that couldn't be asked to help their clients, be bothered to fork over 50 grand extra for something they don't care about...

    -- This is my opinion and mine only, not those of this site or it's Administrators or Affiliates --
    Last edited by RKS Computer Solutions; 15-May-07 at 11:38 AM. Reason: added disclaimer

  3. #3
    just me duncan drennan's Avatar
    Join Date
    Jun 2006
    Location
    Cape Town
    Posts
    2,642
    Thanks
    119
    Thanked 94 Times in 77 Posts
    Quote Originally Posted by RKS Computer Solutions View Post
    How exactly do you convince a bank to fork over 50 grand for a new domain name, when they can't even be bothered to listen to their customers...
    Well, they've got the money to give R1million to employees who report theft and fraud (they save HUGE bucks if fraud is reported)

    Quote Originally Posted by RKS Computer Solutions View Post
    Let's take FNB for example... I've requested simply for my statements to be emailed to me, verbally and 2 months later on an official letterhead stating that seeing as they weren't responding to my verbal requests (was in the bank), could I now get this done via a written request...

    5 months later I still walk into the bank once a month or so, drop the letter on their table and request my free statements (cost R90) because they are either not interested in filling my request or like loosing money... You decide...
    It is absolutely crazy. Everyone wins if they just hand over the statements. I think sometimes the biggest issue is that they have these funny internal structures (why are credit card division a law unto themselves???), which just confuse everyone. The right hand doesn't know what the left is doing.

    Are these credit card statements, or transactional account statements?
    [SIGPIC]Engineer Simplicity[/SIGPIC]
    Turn ideas into products | The Art of Engineering blog

  4. #4
    Site Caretaker Dave A's Avatar
    Join Date
    May 2006
    Location
    Durban, South Africa
    Posts
    20,979
    Thanks
    3,055
    Thanked 2,462 Times in 2,067 Posts
    Blog Entries
    12
    A nice idea, but in my opinion it just isn't going to stop people from being victims of phising.

    I've now got a series of emails following on from the one I posted here - ostensibly from FNB warning me that there is a phising scam targetting FNB at the moment.

    The quality of the approach has steadily improved, but the links I'm being urged to click have not. They're way off anything remotely like the FNB site - and yet I'm damn sure some people are clicking.

    It's so hard to protect people from their own ignorance.
    The trouble with opportunity is it normally comes dressed up as work.

  5. #5
    just me duncan drennan's Avatar
    Join Date
    Jun 2006
    Location
    Cape Town
    Posts
    2,642
    Thanks
    119
    Thanked 94 Times in 77 Posts
    Quote Originally Posted by Dave A View Post
    The quality of the approach has steadily improved, but the links I'm being urged to click have not. They're way off anything remotely like the FNB site - and yet I'm damn sure some people are clicking.
    I think the point here is that hopefully after clicking a false link it becomes immediately obvious that the site is a fraud.

    Let's say the phishers (?) are experts and set up an excellent email and copy of a FNB's website (one good enough to fool any of us, and avoiding the tactics we've all bee told to look out for). They happen to use the domain www.fnbbanking.co.za because that sounds very official and is close enough to the real thing to get away with. If FNB was on a .bank domain (e.g. www.fnb.bank) it is immediately and clearly obvious that the phishing site is a hoax. The phishers don't have access to the .bank domain (because the banks would regulate it strongly), and can't make a close enough forgery.

    Unfortunately no idea can stop stupidity — build a fool–proof device and they make a better fool.
    Last edited by duncan drennan; 15-May-07 at 01:45 PM.
    [SIGPIC]Engineer Simplicity[/SIGPIC]
    Turn ideas into products | The Art of Engineering blog

  6. #6
    Gold Member
    Join Date
    Jun 2006
    Posts
    561
    Thanks
    32
    Thanked 49 Times in 32 Posts
    Personally I think it is an elegant and simple solution.
    Regards

    Debbie
    debbie@stafftraining.co.za

    From reception to management training, assertiveness, accountability or interviewing skills, we have a wide range of training workshops available for you!
    www.stafftraining.co.za

    Find us on
    Facebook

  7. #7
    Email problem RKS Computer Solutions's Avatar
    Join Date
    Apr 2007
    Location
    On the Internet
    Posts
    626
    Thanks
    0
    Thanked 1 Time in 1 Post
    It's my normal transaction statements. When the account was opened, it was signed and requested for statements to be posted... Up until today I have yet to receive a single statement...

    And speaking to the branch manager has had the same effect as wringing blood from a stone, got nowhere...

    One thing about the phising though, I have a "DigiTag" from FNB, which means I could give out my account names and passwords to every person on the street, if they don't have access to a 20second remote generated code of the digitag they will never be able to get close to my accounts... Unfortunately some bright spark at FNB has decided to stop with the digitags, which I reckon is one of the most secure features to have... Unless you're a complete dimwit and keep account usernames/passwords and your digitag all in the same place...

    Does anyone have any contact with anyone from FNB that has half a clue?

  8. #8
    just me duncan drennan's Avatar
    Join Date
    Jun 2006
    Location
    Cape Town
    Posts
    2,642
    Thanks
    119
    Thanked 94 Times in 77 Posts
    Quote Originally Posted by RKS Computer Solutions View Post
    Unfortunately some bright spark at FNB has decided to stop with the digitags, which I reckon is one of the most secure features to have...
    They now send the one–time–password (OTP) to your cell phone when you log in though (and digitag still works too doesn't it?), and you need that to add beneficiaries etc.

    Does anyone have any contact with anyone from FNB that has half a clue?
    Have you tried there call centre? Other than the time I couldn't get hold of anyone (at the time of internet banking change over) they have been quite helpful.....0860 11 22 44
    [SIGPIC]Engineer Simplicity[/SIGPIC]
    Turn ideas into products | The Art of Engineering blog

  9. #9
    Email problem RKS Computer Solutions's Avatar
    Join Date
    Apr 2007
    Location
    On the Internet
    Posts
    626
    Thanks
    0
    Thanked 1 Time in 1 Post
    FNB has stated that those with digitags will continue to have it's benefits, so yes, still log in with un/pw/dt code ... but even with their move to the new system, I haven't had any OTP sent to me.. Kinda useless idea anyway if your bank details are saved on your mobile phone and it gets stolen, don't you think? (Might seem ignorant, but be honest and count on your hands the number of people you know who saves their bank details on their mobile phones - bet you you won't have any trouble getting the full 10 count)

  10. #10
    Email problem stephanfx's Avatar
    Join Date
    Apr 2007
    Posts
    203
    Thanks
    0
    Thanked 1 Time in 1 Post
    It seems like a good idea. Another thing that they might consider is to make like yahoo mail.

    On yahoo mail, you get a personalized seal to protect from password theft and scams. It verifies that the sight you are visiting is the genuine site. Should the banks maybe do this, even some the most ignorant of clickers might stop dead in their tracks before typing in a single digit.

    my two cents

Page 1 of 2 12 LastLast

Similar Threads

  1. FNB online banking broken!
    By duncan drennan in forum Technology Forum
    Replies: 4
    Last Post: 26-Mar-07, 01:30 PM

Tags for this Thread

Did you like this article? Share it with your favourite social network.

Did you like this article? Share it with your favourite social network.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •