Skip to main content

The WiKID Blog

Viewing posts tagged Transaction Authentication

two-factor-phish-against-citibank-demonstrates-the

Lance James at Secure Science has screen shots of the phish attack against CitiBank's business site that uses a hardware token one-time password system. You can see them on WaPo's Security Fix Blog.

article-published

I had an article published, this time over as SearchSecurity. Attacks illustrate need for stronger authentication.

world-of-warcraft-gets-two-factor-authentication

As we noted way back in 2006 the value in gaming credentials will bring out the fraudsters.. Now Blizzard is offering tokens for WoW. Queue the "If I can get it for WoW, why not my bank" blog posts:

I agree with the sentiment but I wanted to start a conversation regarding why you won't be seeing these tokens in the mail from your bank any time soon. The reason most banks, e-commerce sites, and even corporate VPN connections aren't protected by two-factor authentication can be broken down into a few reasons:

  • cost: additional cost to customer, shipping, inventory, infrastructure, licensing, staff, overhead, etc.
  • complexity: dealing with lost tokens, mistyped numbers causing locked acconts, countless help desk calls, etc. If you are locked out of your WoW account you can't play a game, when you are locked out of your bank account you can't pay bills, transfer funds, check your balance, etc. Simply put, the downside risk of customer convenience is greater than the upside risk of greater levels of security.
  • motive: Blizzard is providing these tokens to help secure customers accounts, but also to further secure their future revenue stream and also to combat piracy and cheating, in short, it makes business sense. Banks don't typically suffer very much if a customer account is breached as they very rarely take the hit themselves but instead either insure against the loss (either federally or privately) or simply passing the costs onto customers.

Recent Posts

Archive

2024
2022
2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom