[TriLUG] OT: lack of security at BofA
Ed Blackman
ed at edgewood.to
Tue Dec 23 13:27:48 EST 2014
On Mon, Dec 22, 2014 at 11:02:19PM -0500, Alan Porter wrote:
>> I would like to see elimination of direct information and access to
>> accounts. Transactions should be unique and use a one time cipher and
>> authentication where processing a transaction does not give you the
>> information or ability to process a future one. Something like Kerberos
>> ticket authentication comes to mind.
>
>http://en.m.wikipedia.org/wiki/Secure_Electronic_Transaction
>
>Developed by the card services in 1996. Never went anywhere.

It was fairly complex to implement. I worked on an IBM product that
implemented SET in the early 2000s, and there were a lot of moving parts
that could potentially go wrong. To be accurate, I mainly worked on the
product's installer, but I would have to set up test scenarios, verify
that the product was working after installs and updates, etc.

The last thing a retailer wants is complex software that has a chance of
saving on fraud, but also has a chance of not working and blocking
everyone from buying anything on the site.
--
Ed Blackman