In online banking, the online customer has to repeatedly prove who he/she is, but the bank does not prove its genuine identity.
How can this asymmetry be addressed, with a secure handshake for organisations proving who they are to the other party of an online interaction?
In online banking, it is the bank that offers its services, so it is up to those who want these services to prove their identity. That said, the organization or bank in question must provide security certificates that prove their identity. Certificate authorities exist for this purpose.
The service offered by the bank to a consumer results in one or more contract. Implementing this contract implies interactions (phone call for instance). In such interactions, every party should have to prove their identity. Case of a bank calling a customer and asking the customer to prove who he/she is: that's a one step. However, how do you know as a customer that the caller is genuine? That may be someone to be claiming he/she represents a bank.
The proof is needed for all parties involved.
The current dominant practice observed is a bad one: the burden of the proof is just for the customer.
Now, it's not about the bank's money, but about the customer's money in many instances.
This is disturbing. Again a case of the implicit abuse of power from large organisations towards individuals taken in isolation. In the schoolyard, bullying is an extreme case of that sort of abuse: Goliath crashing David.
How uncivil and uncivilised!
In most cases, the unique Internet Address will assure that you connect with the company you desire. The consumer needs to be sure that they have the correct address - NEVER use a spoofed one from an incoming email! Even then, hackers could read transmitted data. THUS, if the institution valued your business enough, you could simply use encrypted links. Even something relatively available and 'simple' like PGP means that ONLY the person/institution you send data to can unencrypt it for reading. MOST (all?) financial institutions already use "secured" connections, which is essentially doing the same thing.
Best regards,
Steven
- Badges
- Science topic
- Similar topics
- Mathematical Sciences
- Statistics
- Probability
- Probability Theory
- Reliability