Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.


Forgot your password?
Australia Cellphones Handhelds Security The Almighty Buck IT

Australian Telcos Declare SMS Unsafe For Bank Transactions 42

Posted by timothy
from the txt-me-ok? dept.
littlekorea writes "Australia's telcos have declared that SMS technology should not be used by banks to verify identities for online banking transactions, in a bid to wash their hands of culpability for phone porting hacks. But three of Australia's largest four banks insist they will continue to use SMS messages to carry authentication codes for transactions."
This discussion has been archived. No new comments can be posted.

Australian Telcos Declare SMS Unsafe For Bank Transactions

Comments Filter:
  • by dgatwood (11270) on Thursday November 08, 2012 @06:01PM (#41925713) Journal

    something you know, something you have, and something you are

    The problem is that superficially, a phone looks like a great second factor. You know your password, and you have your phone. Unfortunately, in practice, it is not a second factor at all because the phone is a party to the communication of the first factor (password/PIN), so compromising the phone compromises a second factor implicitly. Fundamentally, no phone can ever be a second factor for authentication purposes, period, so long as it is possible to enter your password or PIN through that phone.

    The ability to clone phones is just the icing on the cake. It's the beach ball floating through the gaping hole that nobody noticed previously that calls attention to the flaw in the minds of people who were otherwise not sufficiently security-minded to see it.

  • Re:Not surprised... (Score:5, Informative)

    by norpy (1277318) on Thursday November 08, 2012 @06:38PM (#41926133)

    They also seem to think that inputting your password with an on-screen html keyboard using your mouse will provide *ANY* extra security.

    The one thing that i'm happy about is that unlike commonwealth bank, they are not integrating facebook with their online banking system.
    Just let that one sink in a little bit.... integrating FaceBook with your online banking

"Thank heaven for startups; without them we'd never have any advances." -- Seymour Cray