ken emery wrote: > I'm not sure what needs to be done, but the security as now > implemented > is not even close to enough IMHO. Networkwise (to bring this back on > topic) I'm not sure there is really much that can be done.
Don't forget the desperate need for user *and* staff education. I have now multiple time got calls from my bank asking to discuss my account. Could I just verify my details ? they asked. Er, you first, I said. They didn't get it. They didn't understand why, as someone who is lightly paranoid and understand more about security than they do, I was concerned that they couldn't prove they were from the bank... Peter