[17875] in cryptography@c2.net mail archive
Re: mother's maiden names...
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Thu Jul 14 09:48:25 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: pgut001@cs.auckland.ac.nz (Peter Gutmann)
Cc: cryptography@metzdowd.com
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 14 Jul 2005 09:02:57 -0400
In-Reply-To: <E1DsxL3-0004Vx-00@medusa01.cs.auckland.ac.nz> (Peter Gutmann's
message of "Thu, 14 Jul 2005 18:36:53 +1200")
pgut001@cs.auckland.ac.nz (Peter Gutmann) writes:
> "Perry E. Metzger" <perry@piermont.com> writes:
>
>>Why is it, then, that banks are not taking digital photographs of customers
>>when they open their accounts so that the manager's computer can pop up a
>>picture for him, which the bank has had in possession the entire time and
>>which I could not have forged?
>
> I don't know about photos specifically, but I know that signature
> imprints are often still moved around by laborious manual means
> because the background infrastructure to handle images doesn't
> exist. Most banks are still using 3270-style interfaces, even if
> they have a screen-scraped GUI front-end.
That's true. Several banks I deal with in New York use displays that
are disturbingly 3270-like. That brings up another thing that has
always tickled the back of my mind -- I have never actually had a
professional opportunity to analyze any of the systems used by tellers
in commercial banks, and I always wonder at what is securing the links
between small branches and HQ, and how bad the protection of the user
passwords etc. might be...
> So using images (of any kind) isn't just a case of making an executive
> decision to do so, it would involve a massive, end-to-end infrastructure
> upgrade to implement.
Yah, true enough -- which also impedes things like letting branch
managers to look at check images, signatures, etc. Groan...
Perry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
