Chase Mortgage Group


PassMark's SiteKey - Answering The Wrong Question

In my article "Spear-Phishing - New Angles On An Old Game" (http://www.cafeid.com/art-spear.shtml), I wrote about a variation on "traditional" e-mail phishing that has proved to be more effective than random casting of stink-bait into a vast pool of random e-mail addresses. The increase in effectiveness is the result of more focused targeting of potential victims through the use of real, usually stolen, corporate documents and so on that make the bait seem more legitimate to a much smaller group of recipients. This week, we take a look at PassMark's SiteKey, the first solution to be adopted by a major institution in its effort to combat phishing.

The Charlotte-based Bank of America is in the process of rolling out its plans to adopt the PassMark system in an effort to secure its online communications with its 13 million customers across the country. The Bank should be applauded for implementing such extensive changes to its online security model in spite of the fact that phishing is not yet, in and of itself, costing banks a great deal of money.

What it is costing the bank, however, is online-banking customers. ConsumerAffairs.com reported late last month (http://www.consumeraffairs.com/news04/2005/gartner.html) on a Gartner survey that indicated that 14% of those who had banked online had stopped because of security concerns, and 30% had altered their usage. For financial services companies like Bank of America that seem intent on removing the element of human contact once and for all from customer relations, that lack of confidence has to be disturbing.

As the practice of phishing becomes more and more sophisticated, so will the effort to combat it; and you can be sure that effort will be fraught with nominal solutions and opportunistic hand-waving that provide little more than a false sense of security. And while PassMark's system is better than nothing, it fails to address the roots of the problem and may give consumers the mistaken notion that the problem is someone else's to solve.

What Is SiteKey?

PassMark calls its system a "Two-Factor Two-Way Authentication"(TM) system. A two-factor system, according to the PassMark website, is one that relies on two identifying bits of information to authenticate a transaction. One factor might be a traditional password, and the second (the problematic one, apparently), might be a key fob or even some sort of biometric reader, items which are "not practical for the consumer market with millions of users." A two-way authentication system provides the capability not only for you to prove to the bank you are who you claim to be, but also for the bank to prove to you that it is really the bank sending you that e-mail or presenting you that website page.

To implement the two-factor system, PassMark bypasses traditional second factors like hardware devices that customers are apparently too dumb to maintain in their possession. "Even if you give them away for free," the PassMark website chides, "many users will forget them or lose them." Instead, the company takes a look at your computer and creates a unique "fingerprint" of the machine, consisting of things like HTTP headers, the IP-address, software configurations and even its geographic location (based on IP-address geomapping). It then has something to go by the next time you visit the site.

For two-way authentication, SiteKey assigns a secret image known, ostensibly, only to the customer and to the institution. Customers logging into the company's website will see the image and recognize it as a marker that the site is legitimate, and outgoing e-mail from the company to the customer will also carry the image to mark legitimate e-mail.

Sounds Great. What's Wrong With It?

The SiteKey system fails, according to IT Security Architect Doug Ross (http://directorblue.blogspot.com/2005/06/making-phishers-solve-captcha-problem.html), to address the fundamental problem of phishing because it leaves the customer susceptible to the classic "Man in the Middle" false-storefront attack. Since there's no way to distinguish the customer's virgin computer from a phisherperson's "malicious, zombie PC", according to Ross, "the zombie PC could present a false BofA store-front to the victim and proxy login information from the user to the bank and any resulting pages and images from the bank to the victim."

If Bank of America doesn't recognize the computer you're on, it will ask you one of your "secret questions" and a correct answer will display the SiteKey. Reasons it might not recognize your computer include, but aren't limited to, the possibility that you're on a different computer, that you're behind a firewall or that you don't allow it to place the secure cookie.

Even if SiteKey does recognize your computer, there's no indication that you're the one using your computer or that it is even in your possession. People lose laptops, too, in a variety of ways.

In addition, and this is probably the most worrying caveat, given the recent rash of massive security breaches at large storehouses of personal information, the SiteKey approach still relies on the storage of images and so on in your personal records on the merchant's database. Compromise of this data would leave you just as vulnerable as you'd be if your login and password were obtained.

Toward A Real Solution

The PassMark system is better than a standard login/password authentication scheme when it comes to securing the communication between you and the institution. However, it is Bank of America's (and, to be fair, most other such institutions') efforts to cut costs by removing human contact almost entirely from the customer service equation that has made phishing more and more lucrative by driving more and more customers to banking online.

Still, there are ways to improve this process. Ross nails it in a sidebar relating to the Bank of America website: "isn't it odd that when you go to the Bank of America site, you immediately note that the page is presented in cleartext ("http://"), not SSL ("https://"). The first step to combat phishers is to provide an SSL connection... first time, every time. Customers need to get used to expecting a secure connection on every BofA page."

Here at Cafe ID (http://www.cafeid.com), we agree wholeheartedly. If you have a secure certificate, actually using it will go a long way toward securing transactions on your site, certainly further than putting up a cute picture of a dog and asking the customer to take that as evidence of a site's legitimacy. Certificate authentication remains the best way for the company to prove its identity to the customer. Besides, there's no downside to securing your website, particularly for companies dealing in online transactions involving money.
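An added example, not code from PassMark, Bank of America or this article: a minimal in-memory model of the login exchange described above (device fingerprint, secret question, secret image), comparing what the customer can verify when talking to the bank directly and through a host that forwards messages unchanged. All class names, hostnames and sample values are constructed for illustration.

```python
import hashlib

BANK_HOST = "bank.example"  # constructed hostname the customer intends to reach

class Bank:
    def __init__(self):
        # Constructed customer record: secret image, secret answer, known devices.
        self.rec = {"image": "dog.png", "answer": "rex", "devices": set()}

    def login(self, headers, ip, answer=None):
        # Fingerprint built from inputs the article lists (HTTP headers, IP address).
        fp = hashlib.sha256(f"{headers}|{ip}".encode()).hexdigest()
        if fp in self.rec["devices"]:
            return {"step": "image", "image": self.rec["image"]}
        if answer is None:
            return {"step": "question"}      # unrecognized machine
        if answer != self.rec["answer"]:
            return {"step": "denied"}
        self.rec["devices"].add(fp)
        return {"step": "image", "image": self.rec["image"]}

class Intermediary:
    """Any host between customer and bank that forwards messages unchanged."""
    host = "bank-login.example"  # constructed; differs from BANK_HOST

    def __init__(self, bank):
        self.bank = bank

    def login(self, headers, ip, answer=None):
        # The bank fingerprints the intermediary's machine, not the customer's.
        return self.bank.login("relay-UA", "203.0.113.9", answer)

def customer_session(endpoint, endpoint_host):
    """Return what each check tells the customer about this endpoint."""
    reply = endpoint.login("customer-UA", "198.51.100.7")
    if reply["step"] == "question":
        reply = endpoint.login("customer-UA", "198.51.100.7", answer="rex")
    return {
        "image_ok": reply.get("image") == "dog.png",
        # The hostname is what a certificate check binds to the connection.
        "host_ok": endpoint_host == BANK_HOST,
    }

def compare():
    direct = customer_session(Bank(), BANK_HOST)
    relayed = customer_session(Intermediary(Bank()), Intermediary.host)
    return direct, relayed

if __name__ == "__main__":
    print(compare())
```

In both sessions the image check passes; only the hostname comparison, which a certificate ties to the connection itself, tells the two apart.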

With online banking, what customers gain in convenience they lose in security. It may be time to consider stepping back a bit from technology's bleeding edge and just go down to the bank. But the convenience of online banking and bill-paying cannot be ignored. Customers want this capability, and they expect banks to work out a solution. Unfortunately, a real solution to the problem of phishing requires more than clever challenge-response systems. It requires, first and foremost, that the end-users take control of their online security rather than leaving it up to a third party.

How do you do this? Pay attention when you're online. No reputable companies are going to attempt to conduct important business via e-mail, and so answering e-mails alerting you to some problem with your account is generally a bad idea. Proceed straight to the company's website by typing it into your browser bar, and if you don't see a secure connection indicator in your browser, don't enter personal information about yourself.

The best way to deal with a bank used to be to establish a solid personal relationship with its human employees; unfortunately, however, this is becoming an increasingly unworkable option. I suppose we can hang up the idea of going back to the teller window; but until better controls are in place on both the way personal information is communicated and the way it is stored, suspicion will remain the most effective way of keeping yourself protected against phishing.

Trevor Bauknight is a web designer and writer with over 15 years of experience on the Internet. He specializes in the creation and maintenance of business and personal identity online and can be reached at trevor@tryid.com. Stop by http://www.cafeid.com for a free tryout of the revolutionary SiteBuildingSystem and check out our Flash-based website and IMAP e-mail hosting solutions, complete with live support.



Contact him at http://www.cafeid.com

Copyright © 2008 www.chasemortgagegroup.com. All rights reserved.