On 24 Mar 2010 at 15:38, Sam Cayze wrote: > At first, I thought, 'brilliant' Then a few seconds later I was wondering why > more services don't do this IP calculation all the time. Say... banks? > http://lifehacker.com/5501131/gmail-detects-and-warns-you-if-someone-else-is > -using-your- account
Follow the money. Perhaps banks don't do this because (for business, where the big money is) the liability lies with the business, not the bank. There is not enough financial incentive for the banks to invest in this. IMHO if the banks had the same max-$50 limit (maybe more, but still a statutory limit) on what businesses were liable for in the event of a breach, you betcha they'd start working on authenticating each transaction rather than the system they use now, which "authenticates" each user and then pretty much ass*u*mes everything that an "authenticated" user does is legitimate. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
