My latest Guardian column, "Automated calls, fraud and the banks: a mismatch made in hell," reacts to the news that UK banks are using robo-call machines to check in with customers on possibly fraudulent transactions, and going about it in the worst way possible:
The banks, bless them, are only trying to prevent fraud, but this is a pretty silly way of going about it. For starters, there's the business of calling up people and asking them to give you all the information necessary to prove that they are indeed a bank customer – all the information that a fraudster needs to impersonate that person at the bank, in other words. The banks have spent decades systematically conditioning us to give our personal information to fraudsters, which is a strange way to prevent fraud.
But at least this silliness had one saving grace: a fraudster can only make so many calls per day, and so the scope of losses from such a programme of bad security education is limited by the human frailties of con-artists.
Enter the robo-caller. The banks are now outsourcing their fraud prevention to computers that can make dozens of calls all at once, around the clock, fishing (or phishing) for someone who just happened to have made an unusual purchase and is thus willing to spill all his details down the phone to get it approved. Note that most of the categories of purchase that trigger false positives from fraud detection systems are also the sort of thing that customers are anxious to see go off without a hitch. The unusual and the urgent often travel together.
Automated calls, fraud and the banks: a mismatch made in hell
The revelation that encrypted email is vulnerable to a variety of devastating attacks (collectively known as "Efail") has set off a round of soul-searching by internet security researchers and other technical people -- can we save email?
If you're the kind of parent who wants to spy on everything your kids do, you can force them to install an app like Teensafe, which only works if your kid doesn't use two-factor authentication; you have to give it your kid's device ID and password, so if that data leaks, it would allow anyone […]
Last week, the New York Times revealed that an obscure company called Securus was providing realtime location tracking to law enforcement, without checking the supposed "warrants" provided by cops, and that their system had been abused by a crooked sheriff to track his targets, including a judge (days later, a hacker showed that Securus's security […]
Few programming languages boast the versatility and user-friendliness of Python, which is why it’s the first language of choice for many aspiring programmers. Regardless of your experience level, you can take the first step to becoming Python-savvy with the Python 3 Bootcamp Bundle, available in the Boing Boing Store for $35 this week. Featuring more than […]
We live during a time where cyberattacks regularly make news headlines, so it should come as no surprise that cybersecurity professionals are experiencing a surge in demand at even the entry level, making now the ideal time to learn the tools of the trade if you’re considering a career switch. The 2018 Supercharged Cybersecurity Bundle offers […]
It’s no secret that companies are eager to hire new project managers and pay them hefty salaries to ensure their initiatives make it from A to B. However, demand alone isn’t quite enough to get your foot in the door as a project manager these days. Without the right certifications, companies will have a hard time […]