RSS
Your account shows irregular activity.
In a full page ad on page 17 of today's New York Times, Chase Bank offers Free Security Alerts to notify you when something unusual is happening with your accounts.
No offense intended to Chase, but I get several emails a week informing me that my account has irregular activity. And sometimes these emails even come from banks where I have accounts. This is known as phishing.
The problem for Chase, where I am a customer by the way, is how to convince me that their email is the legitimate one.
A year ago I received an email from American Express that my card showed unusual activity. The email looked legitimate enough, but when I called the number in the email it occurred to me that it could be a very organized crime. I asked the female operator how I could know I was speaking to American Express. She told me to hand up and dial the number on the back of my card. I did, and was connected to the same person, so I was pretty sure. And then she asked me the requisite twenty questions to prove I was me.
The problem here is one of identity. How can I securely identify an email as actually having come from the purported sender? How can they prove that I am me?
At the very minimum it would be nice if email software validated that all of the links in the message came from the actual domain of the apparent sender.
Perhaps the time has come for everybody to have their own Verisign key. At the very minimum we need some way to prove who we are. And it isn't just email. Asking me for the last four digits of my social security number, as ATT used to do, or for my mother's maiden name, isn't all that secure either.
Powered by Bleezer