Secure banking is not with fingerprinting

In Melbourne, newspapers covered a crackdown on online banking fraud with announcements of fingerprinting technology.

Umm, haven’t you Australian security experts heard of One Time Passwords?!

Sampo, my bank in Finland, sends me a plastic credit card with lots of number pairs. When I shift money, it asks for a number, which I match up with the other number of the pair on the card and submit. It’s different every time. Once I’ve exhausted all the options, Sampo sends me another plastic card with new numbers. Unless someone has my account details, password and the plastic card, they can’t shift my money around.

Sampo is smart.

My ANZ Internet Banking account in Australia, on the other hand, is daft. It uses a JavaScript popup window, so it is difficult to know whether your connection is even secure. After logging in with my account details and password, I can shift money even to overseas accounts, which is a security nightmare. Some Web browsers (UAs) are able to cache my password, so anyone using my computer could shift my money around. One-time passwords would prevent this, as someone would require the new matching number.
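The number-pair card described above can be modelled on the bank's side as a list of single-use challenge/response pairs. The sketch below is an added example, not Sampo's or ANZ's code; the card format (4-digit challenge, 6-digit response) and all class and function names are assumptions.

```python
import hmac
import secrets

_rng = secrets.SystemRandom()  # CSPRNG-backed; never use random.random() for codes

def issue_card(size=10):
    """Return {challenge: response} pairs as printed on one card (assumed format)."""
    challenges = _rng.sample(range(10000), size)          # unique challenge numbers
    return {f"{c:04d}": f"{secrets.randbelow(10**6):06d}" for c in challenges}

class Account:
    def __init__(self, password, card):
        self.password = password   # a real system stores a salted hash instead
        self.unused = dict(card)   # server-side copy of pairs not yet consumed
        self.pending = None        # challenge currently awaiting an answer

    def next_challenge(self):
        """Pick an unused pair to ask for; None means the card is exhausted."""
        if not self.unused:
            return None            # the bank would post a new card at this point
        if self.pending is None:
            self.pending = _rng.choice(sorted(self.unused))
        # The same challenge is repeated until answered, so a thief cannot keep
        # re-asking until a pair they happened to observe comes up.
        return self.pending

    def transfer(self, password, response):
        """Authorise only with the password AND the number paired with the challenge."""
        if not hmac.compare_digest(password.encode(), self.password.encode()):
            return False           # wrong password: card untouched (lockout not modelled)
        if self.pending is None:
            return False           # no challenge was issued for this transfer
        # Consume the pair whether the answer is right or wrong, so one pair
        # can never be brute-forced or replayed.
        expected = self.unused.pop(self.pending)
        self.pending = None
        return hmac.compare_digest(response.encode(), expected.encode())
```

A password cached in the browser gets past the first check only; without the card, the response check fails and the attempted pair is burned.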

ANZ, get a CLUE!

I imagine fingerprinting technology to be not only costly and stupid, but I also heard from a Japanese security professional that elderly people do not have enough moisture in their fingers to use such devices.

