Text 31134, 57 rader
Skriven 2009-04-11 08:41:28 av Robert Bashe (2:2448/44)
  Kommentar till text 31072 av Stewart Arnett (3:772/100)
Ärende: Bank Security
=====================
Stewart Arnett wrote to Robert Bashe on Friday April 10 2009 at 12:06:

SA> Go to http//www.anz.co.nz open an account online...

First problem. In Germany, you can't do that without a so-called "PostIdent",
meaning that you get a form, go with it to a post office IN GERMANY, give the
official the form and your personal ID or passport. He/she fills out the form,
confirms the number and details of the ID and sends the form directly to the
bank. Only then can cou open an account.

In the States, it's nearly impossible - sorry, strike the "nearly" - for a
foreigner to open a bank account online. You actually have to personally appear
in the bank with your passport. And I know for a fact that this is true, having
tried several times to open accounts in the USA by mail or Internet without the
least success.

SA> ... get your card and fly to NZ walk into a branch and have it
SA> "pinned".

Again, totally different from the German and I thought also from the US system.
All bank cards and VISA/MASTER here have a hardcoded ATM PIN which you receieve
in the mail several days after you receive the card itself, i.e. by separate
mail. The ATM PIN is NOT written to the card after receipt, it's there from the
very beginning.

SA> Then walk out of the door and go to another branch and say to the
SA> person behind the counter, "I want to change my PIN." They will take
SA> your card and pass it through a card reader, push their keyboard
SA> across and turn the screen where you can see it. You type in your old
SA> pin and then your new one twice, they flash the card ... done ... they
SA> have to have the card to do it.

If this is really the case, I still can't believe we're talking about
VISA/MASTER, but only about bank cards, AND that would mean the PIN is NOT
hardcoded (but recorded on the magnetic strip) and therefore can be hacked by
anyone with the proper (underground) software and a card reader. You don't even
mention that your identification is checked to make sure you are the true owner
of the account when you do this, although I can't imagine this is not the case.

So if this is really the case, the security holes are a big as barn doors.
Again, I could imagine this might be possible for a bank card, but not for
VSA/MASTER cards. An individual bank might be so little security conscious, but
if the credit card companies would actually do such things, the misuse would be
monstrous. Steal or duplicate 20 cards (with a fake ATM terminal), change the
ATM PINs on all of them to what you like, and withdraw all the money you want
from the accounts. It's just too easy to be really credible.

Oh, and I'm well aware that banks again and again claim their ATM PINs are
"secure". The only problem is that this has time anbd again been demonstrated
to be a false claim by various hacker organizations - the misuse is simply
covered up by generous reimbursement to the cheated customers. That appears to
be cheaper than making the system more secure.

Cheers, Bob

--- GoldED+/W32 1.1.5-0613
 * Origin: Jabberwocky System - 02363-56073 ISDN/V34 (2:2448/44)