17 Oct 2005
Phishing could be stopped very quickly if banks were made responsible for the losses incurred, according to security guru Bruce Schneier.
Writing in his Crypto-gram newsletter Schneier noted that, while new anti-phishing laws might have some effect, the problem will not be resolved until the financial institutions take responsibility for fraud, thus giving them an incentive to stop it.
"Push all of the responsibility for identity theft onto the financial institutions, and phishing will go away," said Schneier.
"This fraud will go away not because people will suddenly get smart and quit responding to phishing emails, or because California has new criminal penalties for phishing, or because ISPs will recognise and delete the emails.
"It will go away because the information a criminal can get from a phishing attack will not be enough to commit fraud because the companies won't stand for all those losses."
Schneier maintains that one of the fundamental rules of security is that "the entity that is in the best position to mitigate the risk is responsible for that risk".
While he accepts that many financial organisations already pay for phishing losses directly, this ignores the indirect costs. Damage to credit ratings and time spent opening new bank accounts are all handled by the consumer.
In the past banks have been accused of complacency about the phishing problem, even though it costs billions each year.
Do you agree?
Banks told to take responsibility for phishing
While I agree with the concept of: "Push all of the responsibility for identity theft onto the financial institutions, and phishing will go away," "This fraud will go away not because people will suddenly get smart and quit responding to phishing emails, or because California has new criminal penalties for phishing, or because ISPs will recognise and delete the emails". The problem might be in the long battle getting the financial institution to agree. If you agree with the statistics published by the APWG: The Anti Phishing Working Group says 95% of all fraudulent E-mail scams use spoofed, or forged "From" addresses. The Anti-Phishing Working Group said Monday as it announced that 95% of all fraudulent E-mail scams use spoofed, or forged "From" addresses. 06/04. Would it not make more sense to put more pressure on the ISP's/ESP's about delivery of fraudulent emails?
Posted by: Liz Powers 18 Oct 2005
Banks don't care!
The banks and Credit Card companies treat fraud just as another business cost and pass it on to the customer. I know of an 86-year-old man who left the CC companies with 20k debt, they wrote it off without batting an eyelid. When I contacted HSBC with a forged banker's draft and a good chance to catch the culprit, they did NOTHING! Regards, M E Martin
Posted by: M E Martin 17 Oct 2005