Password Security – Banks won’t pay for credit card fraud – if Mobile or Kindle is stolen
Remember that blog I wrote about how the top 10,000 passwords would crack 98% of all accounts? Well, the banking industry is now set to use that to deny claims for fraud. If your password is easy to guess, e.g. your year of birth, then you are not insured for fraud starting January 2013.
This is the time to start looking at password security, and to take accountability for easy-to-guess passwords, as you won't be insured.
Customers could be liable if they use a PIN that can be easily guessed or the bank decides they have been careless and allowed a criminal to see the number at a cash machine.
It must not be a number that can be easily guessed, such as a year of birth.
This means that those who have difficulty remembering numbers – for example the elderly – and so stick to a single PIN for a range of services could find any claim against fraud is rejected.
The new rules even extend to how customers use and secure their mobile phones, with a requirement that they have a password to activate their handsets.
**MOBILE IS STOLEN**
Any customer who finds their mobile phone is stolen and then used to access their current account will find the bank can reject any claim for compensation unless it had password protection.
The moves have been condemned as ‘unfair’ and ‘unreasonable’ by a card security expert.
Ross Anderson’s Comments:
Last night card security expert Professor Ross Anderson, of the Cambridge Computer Lab, accused banks of trying to shift the cost of card fraud on to customers.
‘If Santander want to ensure that weak PINs aren’t used then they must issue random PINs to customers and not permit PIN change. That’s the line followed by some banks in Germany.’
* Reset passwords on your mobile first.
* Next, reset the passwords on, or disable, your Amazon Kindle accounts.
* Reset banking password
* Set up “rings of defence” – this is called “Defence in Depth”
* Pervasive computing means all those devices like Kindle, which can access your bank accounts… need to be heavily protected. Maybe notify Amazon that no purchases via Whispernet are authorised and that any such purchases are deemed fraud. Print out that email, and keep it safe.
* Make sure the bank account password is different to that on your mobile or Kindle – or you won’t be insured.
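
One way to check your own PINs against the "easily guessed" rule and the last point above, as an added example (not from the original post or from any bank's terms). The function names, the weakness rules and the sample values are assumptions constructed for illustration.

```python
from datetime import date

def pin_weaknesses(pin, birth_date=None):
    """Return the reasons a 4-digit PIN counts as easily guessed (empty list = none found)."""
    if not (len(pin) == 4 and pin.isascii() and pin.isdigit()):
        raise ValueError("expected a 4-digit PIN")
    reasons = []
    if len(set(pin)) == 1:
        reasons.append("repeated digit")
    # Step between neighbouring digits, modulo 10: all +1 (1234, 7890) or all -1 (4321).
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):
        reasons.append("sequential run")
    if 1900 <= int(pin) <= date.today().year:
        reasons.append("looks like a year")
    if birth_date is not None:
        d, m, y = birth_date.day, birth_date.month, birth_date.year
        # The owner's own birth year, DDMM and MMDD are the first guesses a thief tries.
        if pin in {f"{y:04d}", f"{d:02d}{m:02d}", f"{m:02d}{d:02d}"}:
            reasons.append("matches birth date")
    return reasons

def shared_secrets(secrets):
    """Group services that use the same PIN or password (e.g. bank and mobile)."""
    by_secret = {}
    for service, secret in secrets.items():
        by_secret.setdefault(secret, []).append(service)
    return sorted(sorted(group) for group in by_secret.values() if len(group) > 1)

# Constructed sample data, not real credentials.
SAMPLE_BIRTH_DATE = date(1975, 3, 14)
SAMPLE_SECRETS = {"bank": "1975", "mobile": "1975", "kindle": "8302"}

if __name__ == "__main__":
    for service, pin in SAMPLE_SECRETS.items():
        print(service, pin_weaknesses(pin, SAMPLE_BIRTH_DATE) or "no weakness found")
    for group in shared_secrets(SAMPLE_SECRETS):
        print("same secret used on:", ", ".join(group))
```

Run it locally with your own values typed in at the prompt rather than saved to a file, so the check itself does not become another place your PINs are stored.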