Skip to main content

focusing-on-things-you-can-control

The blogosphere is alive with talk about the FFEIC's guidance requiring stronger authentication for online banking. Inevitablty, someone says how useless better authentication is when PCs are so insecure.

I'm reminded of the frustrations we had in my last company, iTendant which marketed web-to-wireless service request management software to office landlords. As they say in real estate, the three most important things are "location, location, location".

In reality, location, building quality, rental rates and quality of support services are important and the landlords can't do anything about the first two after the building is up. They can lower their rental rates to attract more customers, but who wants to do that? The only thing they can do is to keep their tenants happy via top notch service which will increase occuppancy, reduce turnover and increase retention.

Banks can't really do anything about the consumer machine, except educate consumers and if they are going to do that, they might as well include information about two-factor and mutual authentication, the things they actually can do something about.

In addtion, banks control their servers and they should be extremely diligent about keeping an eye out for cross-site scripting vulnerabilities. For this, I recommend SPI Dynamics (FD: I'm an investor). Banks should scan their sites whenever there is a new vulnerability or when there is a change to the site.

BTW, we sold iTendant to Abrahams Industries. They have a solid hotel client base - that understands how important service is - and wanted better technology.
Current rating: 1

Recent Posts

Archive

2024
2022
2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom