Part of the emerging generation of fintech startups, the new digital-only banks—colloquially known as the challenger banks by the financial technology "in" crowd—appear to be approaching consumer banking very differently than the existing major main street banks. The question is, how deep does that commitment go?
Trying to get a feel for them then, it's sort of interesting to see some of the same security anti-patterns developing in the challenger banks that exist in the traditional big banks. For instance, one of them just phoned me and asked me to provide personal information for "security verification" before they'd discuss what they were calling me about.
Providing information to someone cold calling you isn't something you should be prepared to do—no matter whether you're expecting the call, or who they say they're calling from. It also shouldn't be something a company asks their customers to do, at least not if they have a solid security culture.
This security anti-pattern is one of the most irritating consumer-facing security problems that large institutions like banks suffer from, as it has the potential—as a pattern—to assist fraudsters attempting to extort data from customers to commit identity fraud. If you're used to handing over your identity in the opening seconds of a phone call, you're far more likely to hand it over to the wrong person.
Unfortunately, there really is no way to mutually, and securely, authenticate using a single-channel medium like a phone call. However, the digital-only challenger banks have an easy way around this problem: they have an app, and a second channel.
One possible solution then would be to send a push notification, "The person you're talking to on the phone is really from your bank", once the phone call has begun. This is a perfectly reasonable way to prove that the caller is legitimate; after all, making their own app do something while they're talking to you is a decent first-cut at a second-channel proof of authenticity.
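A sketch of the backend side of that push confirmation, as an added example that is not from the article or from any bank's code. It goes one step beyond the plain notification by binding it to the call with a short-lived, single-use code the agent reads out; the function names, the 120-second lifetime and the six-digit code are all assumptions.

```python
import hashlib, hmac, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # constructed demo key (assumption)
CALL_TTL = 120                        # seconds a confirmation stays valid (assumed)
_pending = {}                         # customer_id -> (call_id, expires_at)

def _code(call_id, customer_id):
    """Six-digit code bound to one call and one customer."""
    msg = f"{call_id}|{customer_id}".encode()
    mac = hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"

def start_call(customer_id, now=None):
    """Backend: the agent dials out; returns the push payload for the app."""
    now = time.time() if now is None else now
    call_id = secrets.token_hex(16)
    _pending[customer_id] = (call_id, now + CALL_TTL)
    return {"title": "The person you're talking to on the phone is really from your bank",
            "code": _code(call_id, customer_id),
            "expires_at": now + CALL_TTL}

def agent_code(customer_id, now=None):
    """Agent console: the code to read out, or None if no call is live."""
    now = time.time() if now is None else now
    rec = _pending.get(customer_id)
    if rec is None or now > rec[1]:
        return None
    return _code(rec[0], customer_id)

def confirm(customer_id, spoken_code, now=None):
    """App: check the code the caller read out. Any attempt consumes the record."""
    now = time.time() if now is None else now
    rec = _pending.pop(customer_id, None)
    if rec is None or now > rec[1]:
        return False  # cold call with no bank-initiated record, or expired
    expected = _code(rec[0], customer_id).encode()
    return hmac.compare_digest(expected, spoken_code.encode())
```

The customer never has to say anything about themselves: the caller proves knowledge of a code that only the bank's backend could have pushed to the registered app.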