My bank has instituted a pretty dumb security measure for online payments.
Whenever I make an payment online I have to enter a unique 5 digit security code. I have been given a list of 50 numbers by my bank and whenever they are all used I get a new batch sent to me.
When this scheme first came out I just had to enter the next unused number on the list, however they have now changed this so I have to use a random unused number from the list. So for my previous payment I had to use number 47, next time I might have to use number 23. This is supposedly for my protection and online security.
I may be dumb but I somehow fail to see why this is more secure than using number 19 after number 18. Both methods depend on a person having physical access to a list of numbers. If you have a list of numbers why is it more secure to use number 47 instead of number 19?
Someone somewhere thought this up and lots of people were involved in communicating and implementing this. I have to question the sanity of those involved though. Surely someone could have seen that the whole system falls apart when a fraudster actually has access to the list of 50 numbers. Am I missing something here?
Show all items | Read all items