-
You are losing out on amazing benefits because you are not a member. Join for free. Register now.
-
New Two-Day Giveaway - Enter now and win great prizes. Enter Here.
-
Rate your ISP now – Afrihost | Axxess | Cell C C-Fibre | Cool Ideas | Cybersmart | MWEB | Supersonic | Telkom | Vox | Webafrica
How would you solve the problem of internet banking and SIM-swap fraud?
- Thread starter Jamie McKane
- Start date
- Tags sim-swap fraud
- Joined
- Oct 1, 2005
- Messages
- 45,649
No, the solution is to not keep your savings with the same bank/institution as your transactional account (unless very secure online, like Capitec, and even then, don't keep the savings in your cards account , rather in a sub account, then nothing much can happen even if they steal/rob/swipe your card and pin).
I think the problem here is everyone is trying to plug the leaks in the bath after the bomb has gone off. SMS tokens are additional layers of security and shouldn't be seen as the primary. The issue is that the primary authentication method (password) has been compromised.
The real issue is the phishing emails that are being sent and users not realising. This is in part the user's fault, but we also need to look at email as a whole. The problem is that SMTP allows you to make emails look like they are from a legitimate sender even when it's actually be sent by some zombie server connected to the internet. Email authentication (where the sender is verified) has been around for some time now and would prevent the vast majority of phishing attacks and spam, yet most mail servers do not implement it. Some legitimate emails would be flagged as spam due to practices used by companies, but it wouldn't take long to flag this with the senders and have them correct their automatic mailers.
Some details on Email authentication:
https://en.wikipedia.org/wiki/Email_authentication
The real issue is the phishing emails that are being sent and users not realising. This is in part the user's fault, but we also need to look at email as a whole. The problem is that SMTP allows you to make emails look like they are from a legitimate sender even when it's actually be sent by some zombie server connected to the internet. Email authentication (where the sender is verified) has been around for some time now and would prevent the vast majority of phishing attacks and spam, yet most mail servers do not implement it. Some legitimate emails would be flagged as spam due to practices used by companies, but it wouldn't take long to flag this with the senders and have them correct their automatic mailers.
Some details on Email authentication:
https://en.wikipedia.org/wiki/Email_authentication
Last edited:
