{"id":2440,"date":"2007-07-10T10:12:44","date_gmt":"2007-07-10T09:12:44","guid":{"rendered":"http:\/\/www.markwilson.co.uk\/blog\/?p=2440"},"modified":"2017-01-14T13:57:36","modified_gmt":"2017-01-14T13:57:36","slug":"security-why-the-banks-just-don%e2%80%99t-get-it","status":"publish","type":"post","link":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/security-why-the-banks-just-don%e2%80%99t-get-it.htm","title":{"rendered":"Security &#8211; Why the banks just don&#8217;t get IT"},"content":{"rendered":"<p>A few weeks back, I read a <a href=\"http:\/\/www.itweek.co.uk\/itweek\/comment\/2187442\/first-direct-upgrade-scores-low\">column in the IT trade press<\/a> about my bank&#8217;s botched attempt to upgrade their website security and I realised that it&#8217;s not just me who thinks banks have got it all wrong&#8230;<\/p>\n<p>You see, the banks are caught in a dilemma between providing convenient access for their customers and keeping it secure. That sounds reasonable enough until you consider that most casual Internet users are not too hot on security and so the banks have to dumb it down a bit.<\/p>\n<p>Frankly, it amazes me that information like my mother&#8217;s maiden name, my date of birth, and the town where I was born are used for &#8220;security&#8221; &#8211; they are all publicly available details and if someone wanted to spoof my identity it would be pretty easy to get hold of them all!<\/p>\n<p>But my bank is not alone in overdressing their (rather basic) security &#8211; one of their competitors recently &#8220;made some enhancements to [their] login process, ensuring [my] money is even safer&#8221;, resulting in what I can only describe as an unmitigated user experience nightmare.<\/p>\n<p>First I have to remember a customer number (which can at least be stored in a cookie &#8211; not advisable on a shared-user PC) and, bizarrely, my last name (in case the customer number doesn&#8217;t uniquely identify me?). After supplying those details correctly, I&#8217;m presented with a screen similar to the one shown below:<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" class=\"inline\" src=\"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/images\/ing-login.gif?w=700&#038;ssl=1\" alt=\"Screenshot of ING Direct login screen\" \/><\/p>\n<p>So what&#8217;s wrong with that? Well, for starters, I haven&#8217;t a clue what the last three digits of my oldest open account are so that anti-phishing question doesn&#8217;t work. Then, to avoid keystroke loggers, I have to click on the key pad buttons to enter the PIN and memorable date. That would be fair enough except that they are not in a logical order and they move around at every attempt to log in. This is more like an IQ test than a security screen (although the bank describes it as &#8220;simple&#8221;\u009d)!<\/p>\n<p>I could continue with the anecdotal user experience disasters but I think I&#8217;ve probably got my point across by now. Paradoxically, the answer is quite simple and in daily use by many commercial organisations. Whilst banks are sticking with single factor (something you know) login credentials for their customers, companies often use multiple factor authentication for secure remote access by employees. I have a login ID and a token which generates a seemingly random (actually highly mathematical) 6 digit number that I combine with a PIN to access my company network. It&#8217;s easy and all it needs is knowledge of the website URL, my login ID and PIN (things that I know), together with physical access to my security token (something I have). For me, those things are easy to remember but for someone else to guess &#8211; practically impossible.<\/p>\n<p>I suspect the reason that the banks have stuck with their <a href=\"http:\/\/en.wikipedia.org\/wiki\/Security_theatre\">security theatre<\/a> is down to cost. So, would someone please remind me, how many billions did the UK high-street banks make in profit last year? And how much money is lost in identity theft every day? A few pounds for a token doesn&#8217;t seem too expensive to me. Failing that, why not make card readers a condition of access to online banking and use the Chip and PIN system with our bank cards?<\/p>\n<p>[<a href=\"http:\/\/www.seriosoft.com\/Blog\/?p=168\">This post originally appeared on the Seriosoft blog<\/a>, under the pseudonym Mark James.]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A few weeks back, I read a column in the IT trade press about my bank&#8217;s botched attempt to upgrade their website security and I realised that it&#8217;s not just me who thinks banks have got it all wrong&#8230; You see, the banks are caught in a dilemma between providing convenient access for their customers &hellip; <a href=\"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/security-why-the-banks-just-don%e2%80%99t-get-it.htm\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Security &#8211; Why the banks just don&#8217;t get IT<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[218,38],"tags":[43,458],"class_list":["post-2440","post","type-post","status-publish","format-standard","hentry","category-technology","category-inane-waffle","tag-security","tag-seriosoft-blog"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Security - Why the banks just don&#039;t get IT - markwilson.it<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/security-why-the-banks-just-don\u2019t-get-it.htm\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security - Why the banks just don&#039;t get IT - markwilson.it\" \/>\n<meta property=\"og:description\" content=\"A few weeks back, I read a column in the IT trade press about my bank&#8217;s botched attempt to upgrade their website security and I realised that it&#8217;s not just me who thinks banks have got it all wrong&#8230; You see, the banks are caught in a dilemma between providing convenient access for their customers &hellip; Continue reading Security &#8211; Why the banks just don&#8217;t get IT\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/security-why-the-banks-just-don\u2019t-get-it.htm\" \/>\n<meta property=\"og:site_name\" content=\"markwilson.it\" \/>\n<meta property=\"article:published_time\" content=\"2007-07-10T09:12:44+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-01-14T13:57:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.markwilson.co.uk\/blog\/images\/ing-login.gif\" \/>\n<meta name=\"author\" content=\"Mark Wilson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@markwilsonit\" \/>\n<meta name=\"twitter:site\" content=\"@markwilsonit\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mark Wilson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2007\\\/07\\\/security-why-the-banks-just-don%e2%80%99t-get-it.htm#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2007\\\/07\\\/security-why-the-banks-just-don%e2%80%99t-get-it.htm\"},\"author\":{\"name\":\"Mark Wilson\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"headline\":\"Security &#8211; Why the banks just don&#8217;t get IT\",\"datePublished\":\"2007-07-10T09:12:44+00:00\",\"dateModified\":\"2017-01-14T13:57:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2007\\\/07\\\/security-why-the-banks-just-don%e2%80%99t-get-it.htm\"},\"wordCount\":587,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"image\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2007\\\/07\\\/security-why-the-banks-just-don%e2%80%99t-get-it.htm#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/images\\\/ing-login.gif\",\"keywords\":[\"Security\",\"Seriosoft blog\"],\"articleSection\":[\"Technology\",\"Waffle and randomness\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2007\\\/07\\\/security-why-the-banks-just-don%e2%80%99t-get-it.htm#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2007\\\/07\\\/security-why-the-banks-just-don%e2%80%99t-get-it.htm\",\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2007\\\/07\\\/security-why-the-banks-just-don%e2%80%99t-get-it.htm\",\"name\":\"Security - Why the banks just don't get IT - markwilson.it\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2007\\\/07\\\/security-why-the-banks-just-don%e2%80%99t-get-it.htm#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2007\\\/07\\\/security-why-the-banks-just-don%e2%80%99t-get-it.htm#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/images\\\/ing-login.gif\",\"datePublished\":\"2007-07-10T09:12:44+00:00\",\"dateModified\":\"2017-01-14T13:57:36+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2007\\\/07\\\/security-why-the-banks-just-don%e2%80%99t-get-it.htm#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2007\\\/07\\\/security-why-the-banks-just-don%e2%80%99t-get-it.htm\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2007\\\/07\\\/security-why-the-banks-just-don%e2%80%99t-get-it.htm#primaryimage\",\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/images\\\/ing-login.gif\",\"contentUrl\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/images\\\/ing-login.gif\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2007\\\/07\\\/security-why-the-banks-just-don%e2%80%99t-get-it.htm#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security &#8211; Why the banks just don&#8217;t get IT\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/\",\"name\":\"markwilson.it\",\"description\":\"get-info -class technology | write-output &gt; \\\/dev\\\/web\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\",\"name\":\"Mark Wilson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"width\":800,\"height\":800,\"caption\":\"Mark Wilson\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\"},\"description\":\"A Chartered IT Professional, with recent experience in technology leadership, IT strategy and practice management roles, Mark Wilson is an Enterprise Architect in the Advisory and Management Group at risual. During a career spanning more than two decades, Mark has gained widespread recognition as an expert in his field including both industry and national press exposure. In addition to certifications from Microsoft, VMware, Red Hat, The Open Group and Axelos, Mark held a Microsoft Most Valuable Professional (MVP) award for three years and is now part of the MVP Reconnect programme. Mark is also well-known on social media and maintains an award-winning blog.\",\"sameAs\":[\"http:\\\/\\\/www.markwilson.co.uk\\\/\",\"https:\\\/\\\/www.instagram.com\\\/markwilsonuk\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/markawilson\\\/\",\"https:\\\/\\\/x.com\\\/markwilsonit\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCWHlZCoHRTocdvtrOJ2IL4A\"],\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/author\\\/mark-wilson\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Security - Why the banks just don't get IT - markwilson.it","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/security-why-the-banks-just-don\u2019t-get-it.htm","og_locale":"en_GB","og_type":"article","og_title":"Security - Why the banks just don't get IT - markwilson.it","og_description":"A few weeks back, I read a column in the IT trade press about my bank&#8217;s botched attempt to upgrade their website security and I realised that it&#8217;s not just me who thinks banks have got it all wrong&#8230; You see, the banks are caught in a dilemma between providing convenient access for their customers &hellip; Continue reading Security &#8211; Why the banks just don&#8217;t get IT","og_url":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/security-why-the-banks-just-don\u2019t-get-it.htm","og_site_name":"markwilson.it","article_published_time":"2007-07-10T09:12:44+00:00","article_modified_time":"2017-01-14T13:57:36+00:00","og_image":[{"url":"https:\/\/www.markwilson.co.uk\/blog\/images\/ing-login.gif","type":"","width":"","height":""}],"author":"Mark Wilson","twitter_card":"summary_large_image","twitter_creator":"@markwilsonit","twitter_site":"@markwilsonit","twitter_misc":{"Written by":"Mark Wilson","Estimated reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/security-why-the-banks-just-don%e2%80%99t-get-it.htm#article","isPartOf":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/security-why-the-banks-just-don%e2%80%99t-get-it.htm"},"author":{"name":"Mark Wilson","@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"headline":"Security &#8211; Why the banks just don&#8217;t get IT","datePublished":"2007-07-10T09:12:44+00:00","dateModified":"2017-01-14T13:57:36+00:00","mainEntityOfPage":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/security-why-the-banks-just-don%e2%80%99t-get-it.htm"},"wordCount":587,"commentCount":0,"publisher":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"image":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/security-why-the-banks-just-don%e2%80%99t-get-it.htm#primaryimage"},"thumbnailUrl":"https:\/\/www.markwilson.co.uk\/blog\/images\/ing-login.gif","keywords":["Security","Seriosoft blog"],"articleSection":["Technology","Waffle and randomness"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/security-why-the-banks-just-don%e2%80%99t-get-it.htm#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/security-why-the-banks-just-don%e2%80%99t-get-it.htm","url":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/security-why-the-banks-just-don%e2%80%99t-get-it.htm","name":"Security - Why the banks just don't get IT - markwilson.it","isPartOf":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/security-why-the-banks-just-don%e2%80%99t-get-it.htm#primaryimage"},"image":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/security-why-the-banks-just-don%e2%80%99t-get-it.htm#primaryimage"},"thumbnailUrl":"https:\/\/www.markwilson.co.uk\/blog\/images\/ing-login.gif","datePublished":"2007-07-10T09:12:44+00:00","dateModified":"2017-01-14T13:57:36+00:00","breadcrumb":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/security-why-the-banks-just-don%e2%80%99t-get-it.htm#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/security-why-the-banks-just-don%e2%80%99t-get-it.htm"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/security-why-the-banks-just-don%e2%80%99t-get-it.htm#primaryimage","url":"https:\/\/www.markwilson.co.uk\/blog\/images\/ing-login.gif","contentUrl":"https:\/\/www.markwilson.co.uk\/blog\/images\/ing-login.gif"},{"@type":"BreadcrumbList","@id":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/security-why-the-banks-just-don%e2%80%99t-get-it.htm#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.markwilson.co.uk\/blog"},{"@type":"ListItem","position":2,"name":"Security &#8211; Why the banks just don&#8217;t get IT"}]},{"@type":"WebSite","@id":"https:\/\/www.markwilson.co.uk\/blog\/#website","url":"https:\/\/www.markwilson.co.uk\/blog\/","name":"markwilson.it","description":"get-info -class technology | write-output &gt; \/dev\/web","publisher":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.markwilson.co.uk\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":["Person","Organization"],"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468","name":"Mark Wilson","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","url":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","width":800,"height":800,"caption":"Mark Wilson"},"logo":{"@id":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1"},"description":"A Chartered IT Professional, with recent experience in technology leadership, IT strategy and practice management roles, Mark Wilson is an Enterprise Architect in the Advisory and Management Group at risual. During a career spanning more than two decades, Mark has gained widespread recognition as an expert in his field including both industry and national press exposure. In addition to certifications from Microsoft, VMware, Red Hat, The Open Group and Axelos, Mark held a Microsoft Most Valuable Professional (MVP) award for three years and is now part of the MVP Reconnect programme. Mark is also well-known on social media and maintains an award-winning blog.","sameAs":["http:\/\/www.markwilson.co.uk\/","https:\/\/www.instagram.com\/markwilsonuk\/","https:\/\/www.linkedin.com\/in\/markawilson\/","https:\/\/x.com\/markwilsonit","https:\/\/www.youtube.com\/channel\/UCWHlZCoHRTocdvtrOJ2IL4A"],"url":"https:\/\/www.markwilson.co.uk\/blog\/author\/mark-wilson"}]}},"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":5239,"url":"https:\/\/www.markwilson.co.uk\/blog\/2014\/06\/consumer-banking-security-two-or-three-tales-of-farce.htm","url_meta":{"origin":2440,"position":0},"title":"Consumer banking security: two (or three) tales of farce","author":"Mark Wilson","date":"Wednesday 25 June 2014","format":false,"excerpt":"I've written before about the nonsensical nature of UK banking websites, with security theatre that's supposed to make us feel that a sequence of restrictive usernames, passwords, passcodes and memorable words (all passwords of one form or another) linked with publicly available information (date and place of birth, etc.) is\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/www.markwilson.co.uk\/blog\/topic\/technology"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":839,"url":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/why-the-banks-just-dont-get-it.htm","url_meta":{"origin":2440,"position":1},"title":"Why the banks just don&#8217;t get IT","author":"Mark Wilson","date":"Tuesday 10 July 2007","format":false,"excerpt":"Identity theft worries me. It doesn't stop me sleeping at night but nevertheless it does worry me. It seems that each time I log in to a banking website the security has been \"enhanced\" with yet another item that I fail to enter correctly and then have to call the\u2026","rel":"","context":"In \"Security\"","block_context":{"text":"Security","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/security"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":4539,"url":"https:\/\/www.markwilson.co.uk\/blog\/2012\/11\/more-retail-banking-security-theatre.htm","url_meta":{"origin":2440,"position":2},"title":"More retail banking security theatre","author":"Mark Wilson","date":"Sunday 4 November 2012","format":false,"excerpt":"Yesterday, I bought a new suit. Nothing remarkable there but I paid on my Lloyds TSB Duo Avios credit card. A card that I will shortly be cutting into little pieces because it's useless to me if the bank declines transactions on an apparently random basis... You see, I also\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/www.markwilson.co.uk\/blog\/topic\/technology"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":947,"url":"https:\/\/www.markwilson.co.uk\/blog\/2007\/11\/25-million-people-caught-up-in-uk-government-data-security-fiasco.htm","url_meta":{"origin":2440,"position":3},"title":"25 million people caught up in UK Government data security fiasco","author":"Mark Wilson","date":"Tuesday 20 November 2007","format":false,"excerpt":"I'm treading carefully here to avoid political comment but, for those who haven't seen tonight's news, a UK Government department has lost the personal details for 25 million people including names, dates of birth, national insurance\/child benefit numbers and bank details. On a CD. In the post. So, I'd like\u2026","rel":"","context":"In \"Security\"","block_context":{"text":"Security","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/security"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":956,"url":"https:\/\/www.markwilson.co.uk\/blog\/2007\/12\/tno.htm","url_meta":{"origin":2440,"position":4},"title":"TNO","author":"Mark Wilson","date":"Tuesday 4 December 2007","format":false,"excerpt":"There is a well known phrase in IT security - trust no one (often abbreviated to TNO).\u00a0 A couple of weeks ago, a United Kingdom government department admitted to having lost a couple of discs containing, among other things, names, addresses, dates of birth and bank account details for my\u2026","rel":"","context":"In \"Security\"","block_context":{"text":"Security","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/security"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":742,"url":"https:\/\/www.markwilson.co.uk\/blog\/2005\/03\/phishing-and-wider-issue-of-identity.htm","url_meta":{"origin":2440,"position":5},"title":"Phishing and the wider issue of identity theft","author":"Mark Wilson","date":"Tuesday 29 March 2005","format":false,"excerpt":"Phishing worries me. In fact, identity theft in general is one of my major concerns (and is the reason I refuse to do any more business with Halifax Bank of Scotland, one of the UK's largest banks, who will not respond to letters or e-mails requesting that they remove my\u2026","rel":"","context":"In \"Security\"","block_context":{"text":"Security","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/security"},"img":{"alt_text":"","src":"http:\/\/www.tqlkg.com\/image-1875354-8132995","width":350,"height":200},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts\/2440","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=2440"}],"version-history":[{"count":7,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts\/2440\/revisions"}],"predecessor-version":[{"id":6878,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts\/2440\/revisions\/6878"}],"wp:attachment":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=2440"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=2440"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=2440"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}