My latest Guardian column, "Automated calls, fraud and the banks: a mismatch made in hell," reacts to the news that UK banks are using robo-call machines to check in with customers on possibly fraudulent transactions, and going about it in the worst way possible:
The banks, bless them, are only trying to prevent fraud, but this is a pretty silly way of going about it. For starters, there's the business of calling up people and asking them to give you all the information necessary to prove that they are indeed a bank customer – all the information that a fraudster needs to impersonate that person at the bank, in other words. The banks have spent decades systematically conditioning us to give our personal information to fraudsters, which is a strange way to prevent fraud.
But at least this silliness had one saving grace: a fraudster can only make so many calls per day, and so the scope of losses from such a programme of bad security education is limited by the human frailties of con-artists.
Enter the robo-caller. The banks are now outsourcing their fraud prevention to computers that can make dozens of calls all at once, around the clock, fishing (or phishing) for someone who just happened to have made an unusual purchase and is thus willing to spill all his details down the phone to get it approved. Note that most of the categories of purchase that trigger false positives from fraud detection systems are also the sort of thing that customers are anxious to see go off without a hitch. The unusual and the urgent often travel together.
Automated calls, fraud and the banks: a mismatch made in hell
Every year, the Electronic Frontier Foundation presents its Pioneer Awards (previously); now renamed the Barlow Award in honor of EFF co-founder John Perry Barlow, who died last year.
In a new paper for IEEE Security, a trio of researchers (two from Cambridge, one from private industry) identify a de-anonymizing attack on Iphones that exploits minute differences in sensor calibration: an Iphone user who visits a webpage running the attack code can have their phone uniquely identified in less than a second, through queries […]
Thangrycat is a newly disclosed vulnerability in Cisco routers that allows attackers to subvert the router's trusted computing module, which allows malicious software to run undetectably and makes it virtually impossible to eliminate malware once it has been installed.
If you can build a cloud infrastructure, you can build a business. Companies are overwhelmingly turning to cloud computing to set up or bolster their network, and it’s easy to see why. It allows on-demand access to processing power, a la carte services, and nearly unlimited storage, all without adding extra systems and the maintenance […]
Does your gaming setup need an upgrade? No need to wait for Christmas. We’ve rounded up the latest tech accessories for your favorite video game platforms. All of them are already sale priced, but you can knock an additional 15% off the final price for Memorial Day by using the online code WEEKEND15. Audeze Mobius […]
Raspberry Pi is one of the world’s most versatile open-source computers. Alexa is a home automation hub with limitless potential. Together, they’re a dream team for ambitious makers, opening the door to everything from automatic lights to voice-controlled robots. Learning Raspberry Pi is meant to be relatively easy for newbies, but its applications with Alexa […]