Which goes back to the root of the *real* problem here. Banks are mainly
concerned with physical security. Internet security has always been handled
as more of an afterthought and mainly for reasons of due diligence. The real
problem is the banks have a known security flaw with a simple password login
for account access. That, as has been discussed here, is a significant flaw
in the overall design of what should be a secure system and access method.
The underlying issue here is that the bank, whom should be the subject
matter expert, clearly is not. They offer one way, and one way only to
access, arguably, our most sacred information. Furthermore, they offer very
little, if any, training to their clients, the end-user. A quick thirty
second blurb is not due diligence for an organization that values it's
customers.
The bottom line is if they offered a SecureID sort of setup, or any other of
a number of methods out there that *would* circumvent a key logger or
similar hack, the customer would more times than not, comply. Even at the
customer's expense. Customers may not be technically savvy overall, but they
value their own money above even the bank. If it's explained that the added
cost/benefit is there, and is a real, tangible issue, a ten or twenty dollar
nominal fee is just that, nominal.
Until banks realize this, they are undoubtedly and unequivocally at fault.
Bill G.