Saturday, April 25, 2009

SafeTPIN Side Effects

Here's yet "another" reason why banks should utilize HomeATM's SafeTPIN for authentication. 

SafeTPIN securely authenticates the user by allowing them to swipe their bank-issued card and enter their bank-issued PIN. No data other than the information contained on the magnetic stripe is collected, so the privacy issue being discussed below is moot. End result?

Fraud elimination, consumer privacy protection AND it enables the online banking customer to securely pay bills, transfer money and conduct safe eCommerce transactions, all with 2FA, 3DES end-to-end encryption and DUKPT key management.


CAUTION: If your financial institution employs a "Username:/Password" style authentication, side effects from using our 2FA (two-factor authentication) PCI 2.0 certified SafeTPIN PED may include: enhanced image for the bank, elimination of the threat of a cloned website, DNS attacks, malicious code, malware, keylogging, clickjacking, worms and zombies. Be aware that cloned cards won't work in our SafeTPIN and phishing attacks are useless. Pregnable transactions should not use SafeTPIN. Please consult with your technician!

Device identification in online banking is privacy threat, expert says | Security - CNET News

SAN FRANCISCO--A widely used technology to authenticate users when they log in for online banking may help reduce fraud, but it does so at the expense of consumer privacy, a civil liberties attorney said during a panel at the RSA security conference on Thursday.


When logging into bank Web sites, users are typically asked for their user name and password. But that's not all that is happening. Behind the scenes, the server is taking measures to identify the device being used in an attempt to verify that the person logging in is the person whose account is being accessed under the assumption that most people use the same computer for banking.

Wachovia, which recently merged with Wells Fargo, tags the consumer's computer with a unique identifier, said Chris Mathes, an information technology specialist in online customer protection at the bank.

The technology not only can be used to allow legitimate customers into Web sites, but also to block computers that have been targeted as "bad actors," said Todd Inskeep, a senior vice president for the Center for the Future of Banking at Bank of America.

Even though none of the information gathered during a log-in is personally identifiable, the bank shouldn't have to collect regular data on when, how often and from where a consumer accesses a bank account, said Jennifer Granick of the Electronic Frontier Foundation. Such information can be compiled with other more sensitive information to create profiles and cross referenced to learn more about consumers, she said.

For instance, the bank could learn who a consumer's roommate is if the same computer is used regularly to access different accounts, Granick said. Consumers also could be deemed suspicious for breaking with their patterns on deposits or withdrawals or the information could be sold to advertisers, she added.

Continue Reading at CNET




