Federal regulators, alarmed by the threat of online financial fraud,
> are requiring banks by the end of 2006 to provide several layers of
> identify verification before customers can access their accounts and
> conduct other banking over the Internet.
Yet they continue to allow (or even encourage) banks to refuse to allow customers to require any verification at all for ACH debits against their accounts by third parties.
In addition to standard passwords, customers may soon need a unique
> digital 'fingerprint' that will identify their computer for the
> bank, or may scan a copy of their real fingerprints to identify
> themselves to the bank's network.
As usual, their answer is for consumers to disclose more personal information and/or allow snooping on their computers. I'm sure that information will never be abused ... even by the phishers who will collect it as well ...
Another, more cumbersome method would have customers carrying
> keyfob-sized electronic 'tokens' that authenticate their identity.
Because it would be, like, impossible to set up a cryptographically secure, publicly verifyable (open source) system that works for the customer ...
It's getting really hard to attribute all this nonsense to mere incompetence.
Dan Lanciani ddl@danlan.*com