 |
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 5-10-2009 18:06, Warp wrote:
> scott <sco### [at] scott com> wrote:
>> I don't see how that would work for most German banks, as before a
>> transaction is made you need to enter a special code from a use-once list
>> that is provided from your bank.
>
> Here not only that, but even if you used the online bank at a public
> computer (you shouldn't, of course, but if) and even if for whatever reason
> you forget to log out, the next user could see your bank details (how much
> money you have, etc) but he wouldn't be able to transfer any money anywhere
> without the code card.
>
For comparison: if I make a payment over the internet my bank sends me
an SMS with a 5 digit number to enter. Not logging off is dumb but they
won't be able to transfer money. One of the complications is when you
don't have access to your mobile phone. Then you can not pay a certain
type of bills (at least it is much more difficult and at least involves
changing security settings. I have never need to do that).
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
andrel wrote:
> For comparison: if I make a payment over the internet my bank sends me
> an SMS with a 5 digit number to enter.
Yeah. Here they're relying on the phone company as their authentication
provider. I think both google and facebook allow that too, but that's to
cut down on spam, or some such.
--
Darren New, San Diego CA, USA (PST)
I ordered stamps from Zazzle that read "Place Stamp Here".
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 6-10-2009 0:10, Darren New wrote:
> andrel wrote:
>> For comparison: if I make a payment over the internet my bank sends me
>> an SMS with a 5 digit number to enter.
>
> Yeah. Here they're relying on the phone company as their authentication
> provider.
Same sort of procedure?
> I think both google and facebook allow that too, but that's
> to cut down on spam, or some such.
How does that work?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
andrel wrote:
> Same sort of procedure?
They're trusting the phone company to be harder to pervert than your
password. They're trusting that an SMS sent to you is more likely to go to
you than the bad guy breaking in.
>> I think both google and facebook allow that too, but that's to cut
>> down on spam, or some such.
>
> How does that work?
It's been a while, but I think it involves not having to enter a captcha
once you do this once with your cell phone. I.e., you've proven you're a
person (because obviously they're not going to let 300 accounts use the same
cell phone number), so you don't have to reconfirm that this account is a
real person.
--
Darren New, San Diego CA, USA (PST)
I ordered stamps from Zazzle that read "Place Stamp Here".
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 6-10-2009 0:20, Darren New wrote:
> andrel wrote:
>> Same sort of procedure?
>
> They're trusting the phone company to be harder to pervert than your
> password. They're trusting that an SMS sent to you is more likely to go
> to you than the bad guy breaking in.
Or at least that a bad guy needs to steal your phone *and* to hack your
account. Doing both in a short timespan is significantly less likely
than one of them.
>
>>> I think both google and facebook allow that too, but that's to cut
>>> down on spam, or some such.
>>
>> How does that work?
>
> It's been a while, but I think it involves not having to enter a captcha
> once you do this once with your cell phone. I.e., you've proven you're a
> person (because obviously they're not going to let 300 accounts use the
> same cell phone number), so you don't have to reconfirm that this
> account is a real person.
Makes sense.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
> I don't really understand why giving your bank details to someone would
> be in any way dangerous. It's not like they could withdraw money by simply
> knowing your account number.
In Germany you can buy stuff with just that info on most websites - see
attached screenshot of the amazon.de payment page. The three boxes I
highlighted are to enter your account number, bank code and account name.
Post a reply to this message
Attachments:
Download 'amazon de payment.png' (89 KB)
Preview of image 'amazon de payment.png'
|
|
| |
| |
|
|
|
|
| |
| |
|
|
scott <sco### [at] scottcom> wrote:
> [-- text/plain, encoding 7bit, charset: Windows-1252, 9 lines --]
> > I don't really understand why giving your bank details to someone would
> > be in any way dangerous. It's not like they could withdraw money by simply
> > knowing your account number.
> In Germany you can buy stuff with just that info on most websites - see
> attached screenshot of the amazon.de payment page. The three boxes I
> highlighted are to enter your account number, bank code and account name.
How can any bank in the world accept a transfer which a third-party is
requesting, who only has the account number? That sounds absolutely crazy.
People could simply try random account numbers to see if they get lucky.
I understand why that's a necessity with credit cards, but not directly
with bank accounts.
--
- Warp
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
> How can any bank in the world accept a transfer which a third-party is
> requesting, who only has the account number? That sounds absolutely crazy.
> People could simply try random account numbers to see if they get lucky.
Presumably you need the account name, number and bank code to all match
though, it would be almost impossible to guess those unless you got the data
somehow. But still it seems crazy to me, it's not exactly hard to get such
information.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
"scott" <sco### [at] scottcom> wrote:
> > How can any bank in the world accept a transfer which a third-party is
> > requesting, who only has the account number? That sounds absolutely crazy.
> > People could simply try random account numbers to see if they get lucky.
>
> Presumably you need the account name, number and bank code to all match
> though, it would be almost impossible to guess those unless you got the data
> somehow. But still it seems crazy to me, it's not exactly hard to get such
> information.
Well, it's not really that bad. If you find an illegal transaction of this type
on your account you can easily cancel it within I think it's two weeks.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> Presumably you need the account name, number and bank code to all match
>> though, it would be almost impossible to guess those unless you got the
>> data
>> somehow. But still it seems crazy to me, it's not exactly hard to get
>> such
>> information.
>
> Well, it's not really that bad. If you find an illegal transaction of this
> type
> on your account you can easily cancel it within I think it's two weeks.
Only two weeks? I never knew it was that short, I will have to make sure I
check my online banking more regularly in future!
Anyway, do you know who picks up the cost for this - is it the bank or the
website?
But still, I'm surprised more criminals don't totally abuse this system
enough for it to get changed.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
