[Dshield] ID theft ring hits 50 banks, firm says

Bo Nordgren bo at nordgren.net
Wed Aug 10 07:07:04 GMT 2005


On Tue, 09 Aug 2005 20:02:31 +0200, Tony Earnshaw wrote
> tir, 09.08.2005 kl. 17.06 skrev Mark Tombaugh:
> 
> > > about all Dutch (read "The Netherlands") banks (mine's ING Bank, 
> > > don't use passwords, they use a machine-based (I get a credit-card sized
> > > but thicker "calculator", at no cost to me) one-time challenge/response
> > > protocol over https for admission to Internet users' accounts and a
> > > separate challenge/response, once "inside" that account, for any
> > > transaction attempted.
> > 
> > Very curious, what product are they using? I have seen some fairly
> > amazingly priced similar solutions (eg
> > http://www.securecomputing.com/index.cfm?skey=1131 at around 10-15 USD
> > per user) and am considering implementing something similar, just not
> > sure which products are excelling in the real world.
> 
> "Made in China", that's what it says on mine. Aka "Why not write to them
> and ask them?" Try info at ingbank.nl. However, given the size of ING Bank
> (HUGE) and likewise the quality of its IT division, I'd more likely
> guess that my calculator is an in-house product and that you'll get no
> useful info from them. Same with the other large Dutch banks (ABN/AMRO,
> Rabo, SNS/B, Fortis, etc.)

I have put the same question to ING, ABN AMRO and SNS bank and they are a bit
tightlipped about it but from what I heard it is mostly a branded RSA counter (ING in
Luxembourg) or a home built solution like ABN were you punch in a number it calculates
the correct answer based on your personal cert stored in your bankcard.

I'd also like to point out that the dutch bank Postbank is in the dark ages when it
comes to security. You have a login page with username and password for login that lets
you see all information on accounts and such. Doing transactions require a one time code
that can be obtained with an SMS service.
Dunno what you people think about that but I feel it lacks some safety.

--
Nordgren WebMail (http://webmail.nordgren.net)



More information about the list mailing list