TWENTY CONVERSATIONS - Number 3

By Two Legs Good

"Just for security..."

You know as soon as you hear those words that whoever it is saying them now wants to know yet another of the increasing PIN numbers, passwords, and associated security gubbins we're expected to memorise and be able to recall instantly when challenged.

(And yes we know that "PIN number" is incorrect, that it translates to "Personal Identification Number number", but have you ever tried talking to people about their "PI number"? Sometimes we have to realise that there's a tide of eejits out there that we could never stem.)

There's a common problem with most of these in that they're only one way. Of the 6 or 7 banks, 6 communications companies, 4 or 5 hospitals and doctors surgeries, and about 20 or so retailers The Blog With Two Legs deals with, only one - that's 1 - of them actually supplies a way for the customer to verify that they're genuinely dealing with the right people and not a spoof website or phoney phoneline. (Well done, Alliance & Leicester!)

Why is it one-way? Well, that way it protects the bankers, retailers, etc. When anything goes wrong with your account, like some money going missing or getting stolen, they can fall back on the old chestnut "you must have given someone your password or PIN". Then they're off the hook - after all, how can you possibly prove that you never told someone a number?

When it used to be a physical key, like an actual key, or even a signature, the emphasis was on the likes of banks to detect fraud, to weed out the fake signatures on fake cheques. Now, they can just point at you, make YOU the criminal, whether the problem is a crime or even their mistake.

Did you notice what they did? That's right - they made YOU their unpaid security for YOUR money while it's in THEIR bank! And YOU get the blame when THEY lose it or give it away to the wrong people!

Of course, where there's such a gaping security hole, naughty people will take advantage. "Social Engineering" is a nice euphemism for "con tricks", but whichever way it's put you should beware of anyone phoning out of the blue and asking for your security details unless you can actually verify they really are who they say they are.

Yes, that means that a lot of bank staff are going to get annoyed. That's OK, they get paid for it. Remember, WE are the customers, not their unpaid employees. If enough of us do, if this idea can snowball, we can eventually cause enough disruption to their businesses that they'll be forced to give us - and our money - some REAL security.



* RING *


"Hello?"

"Hello, is that Mr William Smith?"

(Now, straight away you know it's NOT a call you really want to be taking - calls where people want to formally identify you before you even know who's calling never are. It's a rule. Admit nothing!)

"Who should I say is calling?"

"This is GRAB International - is that Mr William Smith?"

"Yes, how can I help you?"

"Just for security, can you tell me the second and fifth letters of your password?"

"Yes, I can. Can you?"


{ PAUSE }


"Umm, I'm sorry, but we have to check security before we talk about the account, so just for security, can you tell me the second and fifth letters of your password?"

"Yes, as I just said, yes I can - but you haven't told me if YOU can."

"I'm sorry sir, as I explained we cannot talk about the account until security is checked."

"I'm not wanting to talk about the account, I want you to tell me the second and fifth letters of my password BEFORE we talk about my account."

"I'm sorry, sir, we're not allowed to do that."

"Oh? Why not?"

"Well, sir... you could be anybody."

"EXACTLY - SO COULD YOU!"


{ PAUSE }


"No, sir, this is GRAB International, and before we talk about this account we need to verify that you are Mr William Smith."

"Well, at the moment I only have your word for that! Before I start revealing ANY of my password to YOU, I need to verify that YOU are a bona-fide bank employee. That's fair, isn't it? After all, YOU called ME, so you know my name and number, whereas I don't know anything about you. So - what are the second and fifth letters of my password?"

"I'm sorry sir, we can't reveal that."

"Fine - well, if you can't answer my security check password questions, I'm not going to reveal any of my secret password to you. You could just be someone calling to get clues to my password - a couple of letters this week, a couple next week, and you might guess the password!"

"Uh? Ummm.. we just need to talk to you about some offers we have available at the moment..."

"Well, if it's just to try to sell something to me, you don't really need to know my password, do you?"

"Well, we can't talk about the account until we check who you are"

"We're going round in circles then, because I won't tell you any secret password information until you can prove who YOU are."


{ PAUSE }



"I'm sorry sir, I don't know how I can prove who I am..."


"That's quite worrying. I mean, if YOU can't prove who YOU are, how do YOU know you're not actually somebody else?"

"Umm..."

"You know, I don't think I want ANY services from a bank that employs people that don't know who they are. In fact, you've just convinced me to close my account with GRAB. Just so I can tell the whoever it is I speak to when I call to close the account, what do you THINK your name is at the moment?"


* click *


vote for or bookmark this article:


Bookmark this post:
Google Ma.gnolia DiggIt! Del.icio.us Blinklist Yahoo Furl Technorati Simpy Spurl Reddit StumbleUpon
Vote for this post: Top Blogs Vote on millionrss.com

DICKING ABOUT

By Two Legs Good

According to statistics published by the UK Government, the number of crimes committed in Yorkshire and the Humber area is way above average in loads of areas.

They're above average for vandalism. They're above average for burglary. They're above average for vehicle thefts. Above average for personal crimes. Above average for violent crimes, for theft offences, and on and on and on and on and on... just look at the tables below.


If you lived in Yorkshire - and weren't a criminal, something that apparently is less likely than average - you'd hope that your tax money was being spent on solving current crimes and preventing future crimes. You'd think that the police would have their heads down, cracking on with solving crimes and reducing the crime rate, wouldn't you?

Wouldn't you?

Hmmmm.

You'd be wrong.

Apparently North Yorkshire police have been busy working from an 18th century description of a dead criminal - the infamous Dick Turpin - creating this e-fit picture for a 'Wanted' poster.


That's right - they're dicking about making pictures of someone they hung nearly 300 years ago!

That'll get the crime rate down, eh?

Still, maybe it'll get some tourists (a.k.a. 'fresh victims') to visit.

Have another look at the tables above. Not much going on these days in terms of 'highway robbery', 'footpadding' or 'rustling', is there? You wouldn't think these were high priority crimes, what with the guy being dead for 270 years.

The Blog With Two Legs can't figure out which idea is more stupid - the idea of cops glorifying a local criminal, or cops wasting their time playing at making imaginary 'wanted' posters while their crime rates are so high.

If you're from Yorkshire, and you aren't busy registering a crime and you haven't had your computer nicked, maybe you can tell us which you think it is...


P.S. - AND they're not even accurate - EVERYONE knows THIS is what Dick Turpin looked like!


P.P.S. - And after all the pictures of Dick Turpin, here's a picture of Dick Turnip:




vote for or bookmark this article:


Bookmark this post:
Google Ma.gnolia DiggIt! Del.icio.us Blinklist Yahoo Furl Technorati Simpy Spurl Reddit StumbleUpon
Vote for this post: Top Blogs Vote on millionrss.com

NAME AND SHAME - Part 3

By Two Legs Good


If we have to explain it, there's no point explaining it...


(Thanks, Denis!)


vote for or bookmark this article:


Bookmark this post:
Google Ma.gnolia DiggIt! Del.icio.us Blinklist Yahoo Furl Technorati Simpy Spurl Reddit StumbleUpon
Vote for this post: Top Blogs Vote on millionrss.com

Rest In Peace

By Two Legs Good


Mollie Sugden


1922-2009





vote for or bookmark this article:


Bookmark this post:
Google Ma.gnolia DiggIt! Del.icio.us Blinklist Yahoo Furl Technorati Simpy Spurl Reddit StumbleUpon
Vote for this post: Top Blogs Vote on millionrss.com

THANKFULLY, IAN HUNTLEY CAN'T SING OR DANCE

By Two Legs Good


Hello... Hello...
It's good to be back, it's good to be back!
Hello... Hello...
It's good to be back, it's good to be back!
Hello... Hello... Hello...

...GOODNESS GRACIOUS!


What?

WHAT?

Really?

...unless it's by Michael Jackson, eh?

!




P.S. - More Michael Jackson posts HERE!



vote for or bookmark this article:


Bookmark this post:
Google Ma.gnolia DiggIt! Del.icio.us Blinklist Yahoo Furl Technorati Simpy Spurl Reddit StumbleUpon
Vote for this post: Top Blogs Vote on millionrss.com




home

email