Reply to post: Re: prove it

Met police commissioner: Fraud victims should not be refunded by banks

Voland's right hand Silver badge

Re: prove it

They tried that - by bundling near-obligatory "fraud prevention" windows only software.

HSBC tried that, a few others as well. Forgot what it was called, named after some dog breed.

I tried to point them that they are offering an insecure redirect to an insecure download out of a hijackable non-https page to do that. Not just that, the whole set-up was asking to be abused for phishing or cross-site-scripting attacks. All of these rather simple thoughts could not be parsed by whoever is in charge of that part for them. I also tried to point to them that there is no way in hell you can run that crapware on a Mac or Linux, that did not parse either. Same result - it was like trying to teach a macaque quantum mechanics.

All in all - I did not get very far and after a litany of failures from HSBC security dept I fired them. With great pleasure. Moved my business elsewhere which is marginally better.

The truth is, nearly all management in charge of retail electronic commerce security in a most UK banks is as incompetent as you can find and then some.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019