Bruce on Phishing: It’s the Banks, Stupid

Bruce Schneier again talks sense, this time about phishing: Schneier on Security: Phishing

Financial companies have until now avoided taking on phishers in a serious way, because it’s cheaper and simpler to pay the costs of fraud. That’s unacceptable, however, because consumers who fall prey to these scams pay a price that goes beyond financial losses, in inconvenience, stress and, in some cases, blots on their credit reports that are hard to eradicate. As a result, lawmakers need to do more than create new punishments for wrongdoers — they need to create tough new incentives that will effectively force financial companies to change the status quo and improve the way they protect their customers’ assets.

(Here’s the full column at Wired, and here’s a discussion on Slashdot.)

Regular readers of this column will know this is similar to what I’ve been harping on about for a while, although this is much better written and argued than anything I’ve said. Banks have got to accept responsibility for the problem, and devise solutions. To be fair, some are: my bank has finally gotten around to issuing SecurID-type number pads, and secondary authorisation for online credit card transactions.