Comments on: Basically it’s a Massive Pisser for You

By: abb1

abb1 — Thu, 31 May 2007 19:07:18 +0000

To gain on-line access to my UBS account (garden variety) you’ll need to obtain their electonic gadget and to steal my personal chip-card (in addition to phishing the contract number associated with the card and the password).

So, it’s not really the lack of security of the user.

By: Stuart

Stuart — Thu, 31 May 2007 17:31:18 +0000

I forgot the other obvious way that thieves get user credentials – asking for them via email, now in the last year I have probably been asked for my account details (either directly or by having a link to a fake website within the email) or for at least 40 different banks (39 of which I dont bank at, some not even having branches in this country). I can’t imagine there have never been anyone that have answered such emails (given the success of the Nigerian scams and so on).

By: Stuart

Stuart — Thu, 31 May 2007 17:27:48 +0000

There is of course some difference between someone robbing a bank, and them gaining or faking your account details to take money from your account of course. In a bank robbery the customer doesn’t have the key to the vault which his own actions might have led to it being copied by a thief and then used.

In many cases of identify theft it is actually the lack of security of the user that causes the problem, maybe they have installed random software on the web (things that claim to block ads, speed up your system, protect you from viruses, download music files, and the like being common ones) which then log the users credentials and email/transmit them to the thieves to use.

So where do you assign blame when often the cause of the theft is unknown – it might be an unsecure aspect of the banks website, but it might be that the customer has basically given their details away to a thief to use due to their own mistakes and lack of computer security knowledge.

By: ejh

ejh — Wed, 30 May 2007 21:26:08 +0000

Really? I thought it was accountants.

By: lemuel pitkin

lemuel pitkin — Wed, 30 May 2007 20:06:30 +0000

abb1: It’s already been done (although taking in card/PIN details rather than deposits).

Albanian gangs have done the same thing in New York City. Every time I go to an ATM in a bodega now, I wonder how I know it’s not a front for an Albanian crime syndicate.

Albanians really seem to be at the cutting edge of organized crime these days.

By: Robbing identities at Gavin’s Blog

Robbing identities at Gavin’s Blog — Wed, 30 May 2007 11:57:05 +0000

[...] Hehe. Banks don’t have their money stolen anymore. [...]

By: Simstim

Simstim — Wed, 30 May 2007 10:44:52 +0000

abb1: It's already been done (although taking in card/PIN details rather than deposits).

By: abb1

abb1 — Wed, 30 May 2007 09:35:37 +0000

I imagine the identity of a bank can be stolen too – if, suppose, some thieves open a fake branch office and collect deposits. I wonder if the bank would assume the responsibility in that scenario.

Nah.

By: Chris Bertram

Chris Bertram — Wed, 30 May 2007 08:47:25 +0000

Suspect there’s not a real ejh to start with!

By: ejh

ejh — Wed, 30 May 2007 08:43:31 +0000

How do we know it’s the real Chris Bertram who said that?

By: Chris Bertram

Chris Bertram — Wed, 30 May 2007 07:16:39 +0000

Absolutely brilliant Kieran!