Bank Security Sucks

Why is it, I can get a security key fob from PayPal for a mere $5, but not from my credit card company or bank? PassMark seems to be the latest craze of banks in an attempt to look more secure. It doesn’t work. Online security still seriously sucks. 96.66% fell for phishing according to Harvard and MIT just a few months ago. Interestingly both of those links reference the same bank (Bank of America), though they aren’t the only ones.

And I’m supposed to believe RFID enabled credit cards aren’t trouble? I think not. I’ll wait until the technology has been proven a bit more. Swiping the card really isn’t that hard. I find it to be a good workout. For the security of knowing my wallet is a good security device, I don’t mind the inconvenience. When they can prove it’s secure I’ll switch. I doubt that will be for a while.

I wonder how long until financial institutions start taking security to the next level. I’m confident they will be pushed to do so at some point. I’m just wondering what the catalyst for change will be. I’m guessing some more alarming statistics. I really want to see hardware based two-factor authentication the defacto standard in all banking systems. If PayPal can do it for $5 per user, I think the rest can manage to offer it. It’s not perfect, it doesn’t cover every type of attack, but it’s the single best enhancement over a good password. You do have a good password right?

[Hat Tip: The Consumerist]