Page 3 of 4 FirstFirst 1234 LastLast
Results 31 to 45 of 55
  1. #31
    Join Date
    Sep 2003
    Location
    Elimbah, QLD
    Posts
    437

    Default

    Quote Originally Posted by Sturdee
    Rocker, for my internet banking with the Commonwealth I have a 6 digit pin, for the ANZ and Westpac an 8 digit alphanumeric pin.

    Only on eftpos cards have they numeric pins with 4 digits for ANZ and Westpac and 6 digits for Commonwealth.

    Must be different up north.


    Peter.
    Sturdee,
    You are of course correct; I must have been having a senior moment. Well, actually my Westpac online banking password is 6-digit alphanumeric.
    Rocker

  2. #32
    Join Date
    Feb 2005
    Location
    Mackay Qld
    Age
    50
    Posts
    1,039

    Default

    The Credit union I'm with has a log-in code and a separate code for external transfers.
    Mick

    avantguardian

  3. #33
    Join Date
    May 2005
    Location
    Newcastle
    Age
    73
    Posts
    1,064

    Default

    Quote Originally Posted by silentC
    Mr Ashore, do you type your signature line in every time?
    Silent
    No I use a free ware program I found called 101 clips it allows you to retain up to 30 things , text , pictures, web pages etc on your clipboard instead of just the last thing you saved
    You just line up your curser open 101 clips from task bar and click on the entry you want
    Find it under Google 101 clips



    Rgds
    Russell




    Don't take life too seriously; No one gets out alive.



  4. #34
    Join Date
    May 2005
    Location
    Brisbane
    Age
    53
    Posts
    108

    Default

    Several people have mentioned that their pin numbers are sent unencrypted.

    Every bank in Australia will be using an encrptyed web session. This is visable via the little padlock on the bottom right of the browser. The web address will probably start with https://.
    This means that the whole session should be encrypted in either 64 bit or 128 bit (depending on browser) key.
    These sessions have many short commings and ways to crack them, but by far the way most people get stung is by following a link to a dodgy website. Always go to your banking site via your favourite links (never via an email) and check that the padlock appears.
    Specializing in O positive timber stains

  5. #35

    Default

    Quote Originally Posted by bitingmidge
    As I have had reinforced in a discussion today, "random number generators" aren't actually generating numbers randomly at all. They are merely generating numbers in a complex sequence or algorithm.

    In the course of our business we regularly transfer rather large sums of money, and the bank concerned has taken not of Rocker's advice.

    It has issued each of the signaturies (sp?) of the account with a little RNG (random number generator) which is tuned exactly to a parallel generator back in some dark room at the bank. The numbers change every two minutes.

    When a transaction is made, there is a two minute time frame to log in the number, do the business and get out.

    So now all you need to do is hijack the bank's one, be online at exactly the time the transaction is occurring, and do your criminal business in what's left of the two minutes I guess.

    Cheers,

    P

    Funny I heard the same thing this morning

  6. #36
    Join Date
    Jul 2004
    Location
    Adelaide Hills
    Age
    66
    Posts
    0

    Default

    Quote Originally Posted by silentC
    Commonwealth Bank's Netbank used to work that way.

    Now they put up a code table. You type the corresponding letter from the code table for each number in your PIN. The code table is different each time you log in.
    When I log into CBA netbank I enter the password directly....I dont see any code tables. Are you sure youre not logging into a fake netbank site run bythe Russian mafia???
    Whatever note you blow youre never more than a semitone away from the correct one....(Miles Davis)

  7. #37
    Join Date
    Aug 2003
    Location
    Pambula
    Age
    59
    Posts
    5,026

    Default

    You must've missed this:

    Quote Originally Posted by Me on Page 2
    Oops, my mistake

    It's not Netbank, it's our other bank that does that - IMB. Yes, Netbank has a userid and password setup, not a PIN number.
    "I don't practice what I preach because I'm not the kind of person I'm preaching to."

  8. #38
    Join Date
    Jun 2003
    Location
    ...
    Posts
    1,460

    Default

    Quote Originally Posted by Rocker
    I must have been having a senior moment.

    Love that phrase. I seem to get them too these days.


    Peter.

  9. #39
    Join Date
    Feb 2005
    Location
    Mackay Qld
    Age
    50
    Posts
    1,039

    Default

    The other thing that may be possible is to have email confirmation for external transfers.

    maybe
    Mick

    avantguardian

  10. #40
    Join Date
    Mar 2002
    Location
    Altona Meadows, Victoria
    Posts
    0

    Default

    Rocker,

    I don't think a Trojan would find it difficult to record the banks random querey to you and your reply and so reveal your pin at one go. Bendigo bank uses a little key pendant that generates a one-time verification number, when you press a button, that has a valid life of 1 minute. You use your user name, pin and then this verification. Doesn't matter if a hacker got the pin and user name as they are useless without this verification number.

  11. #41
    Join Date
    Sep 2003
    Location
    Elimbah, QLD
    Posts
    437

    Default

    Brian,

    Sounds good; if a Mexican bank can use a trojan-proof system, why not the Big Four?

    Rocker

  12. #42
    Join Date
    Dec 2004
    Location
    Hell with fluro lighting
    Age
    55
    Posts
    624

    Default

    I will have to reveal my hand here, I work in one of the 4 majors, no I wont reveal what one. I dont use their net banking but I do work from home and to sign into their VPN from home I have one of those dongles that generates a random number every two minutes, this is run by an outside contractor, so to sign on you need your user id, a pin number and the number from the number generator. Why they dont use a similar system for their internet banking I dont understand, but then again I have worked for this bank for 18 years and still dont understand some of the menagement ideas....
    I may not have gone where I intended to go, but I think I have ended up where I needed to be.

    My Other Toys

  13. #43
    Join Date
    Aug 2003
    Location
    Pambula
    Age
    59
    Posts
    5,026

    Default

    Why they dont use a similar system for their internet banking I dont understand
    Cost.
    "I don't practice what I preach because I'm not the kind of person I'm preaching to."

  14. #44
    Join Date
    Jun 2005
    Location
    rural Sydney
    Age
    76
    Posts
    5

    Default Security dongles

    Quote Originally Posted by silentC
    Cost.
    SilentC,
    I am sure that if they did a real analysis of the costs the major banks would see it is worth it.

    I currently work for a big Aus University and we use a SecureId which is a small device like a USB memory stick, which displays a number for about 2 minutes. You have to enter this when logging into the financial systems etc with name and p/w etc.

    At first (~5 years ago) the external company charged about $300ea. The Uni negotiated to buy in batches and now they are down to less than $100. I am told they have a simpler non-display type that you plug into the USB port and this can be interrogated by the login script. Saves the errors of input. These devices could easily be supplied by the banks.

    Even though there would be a cost, think of the cost of investigating and covering just one fraud case. I will be very surprised if we don't see this happening soon.

    cheers
    Dr Dee
    Trying to work less and machine my time away

  15. #45
    Join Date
    Aug 2003
    Location
    Pambula
    Age
    59
    Posts
    5,026

    Default

    Only if they charge the user for it.

    There is no way a bank is going to buy a $100 dongle for every online customer. I don't have any figures on how many Netbank users there are for example, but you would have to guess it to be in the tens of thousands. For 10,000 users it would cost them $1,000,000. Not to mention the cost of distributing them, supporting them, and changing the systems to handle them. I can just see the reaction in the boardroom when someone proposes that.

    As for cost of investigating fraud, they hand that over to the Feds. Banks just write losses off.
    "I don't practice what I preach because I'm not the kind of person I'm preaching to."

Similar Threads

  1. The Bible - Internet Style............
    By Phil Spencer in forum JOKES
    Replies: 2
    Last Post: 30th May 2005, 01:01 PM
  2. Replies: 20
    Last Post: 30th March 2005, 01:15 AM
  3. Internet Jokes
    By craigb in forum JOKES
    Replies: 0
    Last Post: 23rd December 2004, 02:08 PM
  4. Internet Telephone
    By Barry_White in forum NOTHING AT ALL TO DO WITH RENOVATION
    Replies: 30
    Last Post: 30th June 2004, 10:10 PM

Tags for this Thread

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •