Comments on: TD Canada Trust password policy fail http://hypatia.ca/2008/11/td-canada-trust-password-policy-fail/ Leigh Honeywell's Blog Mon, 30 Aug 2010 21:27:15 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: Steve H. http://hypatia.ca/2008/11/td-canada-trust-password-policy-fail/comment-page-1/#comment-136 Steve H. Mon, 23 Feb 2009 16:03:02 +0000 http://hypatia.ca/?p=47#comment-136 I just thought of this post today in relation to an experience I had this morning, so I had to comment. We had a visitor from the US in the office today and they were going on about how some US banks have implemented "special security" to allow client to identify possible phishing. He showed me one of the standard emails he receives from his bank regularily as an example, and sure enough there was a little blue box at the top of the message, called a "security zone" that had his name and the last 4 digits of his debit card in it - along with a message on the bottom explaining what the "security zone" is. When I looked at the source of the email, however, the "security zone" was written in plain html! Including the name and numbers! There wasn't even an effort to disguise the information. So their idea of fighting fraud is to beam the customer's full name and partial debit number across the internet via POP. I just thought of this post today in relation to an experience I had this morning, so I had to comment. We had a visitor from the US in the office today and they were going on about how some US banks have implemented “special security” to allow client to identify possible phishing. He showed me one of the standard emails he receives from his bank regularily as an example, and sure enough there was a little blue box at the top of the message, called a “security zone” that had his name and the last 4 digits of his debit card in it – along with a message on the bottom explaining what the “security zone” is.

When I looked at the source of the email, however, the “security zone” was written in plain html! Including the name and numbers! There wasn’t even an effort to disguise the information. So their idea of fighting fraud is to beam the customer’s full name and partial debit number across the internet via POP.

]]> By: Greg http://hypatia.ca/2008/11/td-canada-trust-password-policy-fail/comment-page-1/#comment-64 Greg Wed, 28 Jan 2009 20:55:37 +0000 http://hypatia.ca/?p=47#comment-64 I use BMO and really enjoy their online banking service - their authentication is so strong that it always takes me a few tries to actually log in! But want to know the best part? Their customer service rocks. Every other chartered bank I have done business with could learn from them. I use BMO and really enjoy their online banking service – their authentication is so strong that it always takes me a few tries to actually log in! But want to know the best part? Their customer service rocks.

Every other chartered bank I have done business with could learn from them.

]]>