[funsec] The end of Phishing in sight?

Douglas F. Calvert douglasfcalvert at gmail.com
Mon Oct 17 18:00:14 CDT 2005


> the banks aren't forced to provide anything to the customer, just must
 > require two-factor authentication.  I'm sure whatever method the bank
 > provides will have the associated hardware, any software, and any other
 > requirements covered by the bank most of the time.  The demand for
 > online banking combined with competition ensures that this will almost
 > certainly be the norm.
 >

The banks must require 2-factor as long as the risk assessment
supports the increased level of control. The guidance says that single
factor is not good enough for high risk transactions. However once you
start to disect what "high risk transactions" are it gets a little
confusing...



--
--dfc
douglasfcalvert at gmail.com



More information about the funsec mailing list