[127208] in cryptography@c2.net mail archive
Re: The wisdom of the ill informed
daemon@ATHENA.MIT.EDU (Stephan Neuhaus)
Tue Jul 1 18:15:31 2008
Cc: Ed Gerck <edgerck@nma.com>, Cryptography <cryptography@metzdowd.com>
From: Stephan Neuhaus <neuhaus@st.cs.uni-sb.de>
To: "Perry E. Metzger" <perry@piermont.com>
In-Reply-To: <87skutipfu.fsf@snark.cb.piermont.com>
Date: Tue, 1 Jul 2008 18:09:38 +0200
On Jul 1, 2008, at 17:39, Perry E. Metzger wrote:
> Ed, there is a reason no one in the US, not even Wells Fargo which you
> falsely cited, does what you suggest. None of them use 4 digit PINs,
> none of them use customer account numbers as account names. (It is
> possible SOMEONE out there does this, but I'm not aware of it.)
Many German savings banks use account numbers as account names (see, =20
e.g., https://bankingportal.stadtsparkasse-kaiserslautern.de/banking/) =
http://www.stadtsparkasse-kaiserslautern.de=20
), as does, for example, the Saarl=E4ndische Landesbank =
(https://banking.saarlb.de/cgi/anfang.cgi=20
). Most will not use 4-digit PINs, though.
> I understand
> some European banks even do stuff like mailing people cards with one
> time passwords.
Do you mean TANs (TransAction Numbers)? TANs are used to authorize =20
transactions that could affect your account balance. So stealing the =20=
PIN will let you look at the balance, but will not let you steal money =20=
(through this channel).
(Or maybe you knew all this already and I just missed the irony.)
Fun,
Stephan=
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
