My latest Guardian column, "Automated calls, fraud and the banks: a mismatch made in hell," reacts to the news that UK banks are using robo-call machines to check in with customers on possibly fraudulent transactions, and going about it in the worst way possible:
The banks, bless them, are only trying to prevent fraud, but this is a pretty silly way of going about it. For starters, there's the business of calling up people and asking them to give you all the information necessary to prove that they are indeed a bank customer – all the information that a fraudster needs to impersonate that person at the bank, in other words. The banks have spent decades systematically conditioning us to give our personal information to fraudsters, which is a strange way to prevent fraud.
But at least this silliness had one saving grace: a fraudster can only make so many calls per day, and so the scope of losses from such a programme of bad security education is limited by the human frailties of con-artists.
Enter the robo-caller. The banks are now outsourcing their fraud prevention to computers that can make dozens of calls all at once, around the clock, fishing (or phishing) for someone who just happened to have made an unusual purchase and is thus willing to spill all his details down the phone to get it approved. Note that most of the categories of purchase that trigger false positives from fraud detection systems are also the sort of thing that customers are anxious to see go off without a hitch. The unusual and the urgent often travel together.
Automated calls, fraud and the banks: a mismatch made in hell
The Miele PG 8528 is a “washer-disinfector” intended for hospitals and other locations with potentially dangerous pathogens on their dirty dishes; it’s networked and smart. And dumb.
In 2012, Google rolled out Certificate Transparency, a clever system to spot corrupt “Certificate Authorities,” the entities who hand out the cryptographic certificates that secure the web. If Certificate Authorities fail to do their jobs, they put the entire electronic realm in danger — bad certificates could allow anything from eavesdropping on financial transactions to […]
Troy Hunt, proprietor of the essential Have I Been Pwned (previously) sets out the hard lessons learned through years of cataloging the human costs of breaches from companies that overcollected their customers’ data; undersecured it; and then failed to warn their customers that they were at risk.
What could be more fun than a slingshot that shoots tiny airplanes? A slingshot that shoots tiny glowing airplanes of course! These toy planes are outfitted with ultra-bright LEDs, so you can fly all night without losing them in the trees.Whether you are a regular-sized child, or an overgrown adult one, these light-up flyers offer […]
You know the drill. You go to the dentist and they ask you how often you floss. You lie through your teeth and say, “every day!” (Bonus points if you have some cilantro or chives stuck in your gums from lunch). You don’t want to keep up the charade any longer, but rubbing that tiny strand […]
The Raspberry Pi Foundation has done outstanding work packing a fully capable desktop computer into a package the size of a deck cards—especially one that only costs $35. But if you already have a working laptop, why should you care? Oh, how much you have to learn. Besides operating well as a compact digital media hub, […]