Wednesday, November 11, 2009

Melissa Hathaway Won't Bank Online



In a post at GovInfoSecurity, Eric Chabrow writes about a quick conversation he had with Melissa Hathaway.  (not pictured on the right)



Bottom line?  Melissa doesn't bank online.  Oh...and the FBI Director has sworn off online banking after nearly falling victim to a sophisticated phishing attack.  (See: FBI Director Swears Off Online Banking after Nearly Getting Phried)

Confidence in the security of online shopping is down, down, down.  Oh...and it's going to get worse before it gets better.  UNLESS we stop using the web/browser for financial transactions and start using a PCI 2.x Certified device which eliminates the threats AND morphs the "Card Not Present" environment (the web) into a "Card Present" one. 

So the question that begs to be asked of these financial institutions..."When are they going to wake up to the fact that financial transactions simply cannot be conducted in a browser space?   How long are they going to be stuck on band-aids?"


It is time to re-evaluate the entire process.   When the web came along, everybody jumped in without feeling the water and now it's reached its boiling point.  Again, the browser is not safe for financial transactions.  I've been saying it for 20 months, but more importantly, large organizations such as IBM are stating the same thing.  (unprecedented state of web insecurity...a separate machine is needed for online banking, etc.)



Here's some insight on how the one-time leading candidate as President Obama's CyberSecurity Tsarina  (See: Melissa Hathaway Logs Off as Cyber-Security Tsar/Czar) feels about online banking/shopping...



Does Melissa Hathaway Bank Online?

Eric Chabrow - Gov Info Security



Melissa Hathaway should know better than anyone about the safety - or vulnerability - of our computer networks, having conducted the 60-day cybersecurity policy review of the federal government's and nation's IT infrastructure for President Obama.



Now a senior adviser at the Belfer Center for Science and International Affairs at Harvard University's Kennedy School of Government, Hathaway spoke with me on Tuesday about the current state of our cybersecurity posture (that podcast interview will be posted presently). I ended our conversation by asking how secure should people feel about banking and shopping online. Hathaway's response:





"E-commerce fraud is up significantly, I think over 70 percent, as to the recent statistics that I saw.



It's important to have better credentialing and authentication of customers online in order to assure the security with banking and e-commerce broadly."

Do you bank online?

"Occasionally, I shop online. I do not do banking online."

Is that because you don't trust the current environment?

"I believe that the banks ... that they will cover all liabilities if your accounts were taken. I just don't have the comfort level of e-commerce yet based on current technology."



Hathaway's time at the White House analyzing IT vulnerabilities didn't sway her to stop banking. She has never banked online. I asked if I should reassess my online banking addiction. Her response wasn't comforting:

"I think that certainly your bank will cover you if there is a problem, but I think that as you are going to perhaps an unknown vendor out in cyberspace, and you're going to give them your credit card, you should think twice about that."




