The Easy solution
Seems to me that the easiest solution is being overlooked. Financial institutions seem prone to take the quickest route to supply services to customers instead of taking a moment to consider what would be safe.
How's this:
2-stage transactions and two user-supplied passwords.
I log into my bank with a user name and password and do all my transactions.
The bank system generates a transaction list and a confirmation number.
I log off the bank system online. Pick up my telephone, call the bank phone system, enter the confirmation number and a PIN (previously set up in the bank). If the confirmation number and PIN match, the transactions are processed; if not confirmed within say 1 or 2 hours, the transactions are not processed and are purged from the bank system.
As convenient as plain online banking? NO
Simple for even non-computer users? YES
Highly secure? YES
Totally secure? YES for those of us with less than 6-figure bank balances, as it is likely to be too cumbersome for hackers to circumvent for small paybacks.
* OK, for banks out there that might read this: don't be stupid and allow the user to change their dial-up PIN online. This MUST be done in the bank itself AND a warning message sent to the user (NOT including the PIN) that the PIN has been changed.
OK, where is my thinking wrong?
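
An added sketch of the two-stage flow described in the comment above; it is not part of the original comment or any bank's code. The class and method names, the 8-digit confirmation number and the three-attempt PIN limit are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

CONFIRM_WINDOW_SECONDS = 2 * 60 * 60  # comment says "1 or 2 hours"; 2 hours assumed
MAX_PIN_ATTEMPTS = 3                  # assumption: wrong-PIN limit is not in the comment

def pin_hash(pin, salt):
    # Store only a salted, slow hash of the phone PIN, never the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class TwoStageBank:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._pins = {}      # user -> (salt, hash); written only by the branch
        self._pending = {}   # confirmation number -> staged batch
        self.processed = []  # transactions released after phone confirmation

    def enroll_pin_in_branch(self, user, pin):
        # Deliberately the only way to set a PIN: there is no online equivalent.
        salt = secrets.token_bytes(16)
        self._pins[user] = (salt, pin_hash(pin, salt))

    def stage_online(self, user, transactions):
        """Stage 1 (web session): queue the batch, return a confirmation number."""
        number = f"{secrets.randbelow(10**8):08d}"
        while number in self._pending:
            number = f"{secrets.randbelow(10**8):08d}"
        self._pending[number] = {"user": user, "txns": list(transactions),
            "expires": self._clock() + CONFIRM_WINDOW_SECONDS, "failures": 0}
        return number

    def purge_expired(self):
        # Unconfirmed batches are dropped, not processed, once the window closes.
        now = self._clock()
        for number in [n for n, b in self._pending.items() if b["expires"] <= now]:
            del self._pending[number]

    def confirm_by_phone(self, number, pin):
        """Stage 2 (phone system): release the batch only if number and PIN match."""
        self.purge_expired()
        batch = self._pending.get(number)
        if batch is None:
            return "unknown-or-expired"
        salt, expected = self._pins[batch["user"]]
        if not hmac.compare_digest(pin_hash(pin, salt), expected):
            batch["failures"] += 1
            if batch["failures"] >= MAX_PIN_ATTEMPTS:
                del self._pending[number]  # stop PIN guessing against this batch
                return "purged"
            return "rejected"
        self.processed.extend(self._pending.pop(number)["txns"])
        return "processed"
```

Nothing reaches `processed` from the web session alone, and a confirmation number works at most once.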