[145891] in cryptography@c2.net mail archive
Something you have, something else you have, and, uh, something else you have
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Fri Sep 17 16:00:31 2010
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: cryptography@metzdowd.com
Date: Fri, 17 Sep 2010 20:53:51 +1200
From the ukcrypto mailing list:
Just had a new Lloyds credit card delivered, it had a sticker saying I have
to call a number to activate it. I call, it's an automated system.
It asks for the card number, fair enough. It asks for the expiry date, well
maybe, It asks for my DOB, the only information that isn't actually on the
card, but no big secret. And then it asks for the three-digit-security-code-
on-the-back, well wtf?
AIUI, and I may be wrong, the purpose of activation is to prevent lost-in-
the-post theft/fraud - so what do they need details which a thief who has
the card in his hot sweaty hand already knows for?
Looks like it's not just US banks whose interpretation of n-factor auth is "n
times as much 1-factor auth".
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
