With most US banks, you can ask them to put in a note on your account file for a code word, it will show up anytime the account file is pulled up. Now, whether or not a customer service agent will know to do so is another question. Maybe as attack vectors like this are utilized more often it will become part of their SOP. Or just stop using voice verification. In my experience, even if you pass voice verification, it only grants you access to the account and check balance and txs but still requires information like PIN or a code sent in the app or phone number. There are attack vectors for these as well but not guaranteed.
The other use cases (like calling payroll, etc) likely don’t have the same protections and probably would be more effective.
Just thought I'd let you know that whenever you navigate to the login page (http://sendicate.net/login) a notification at the top of the page pops out and tells me I've signed out successfully, but I don't even have an account yet.
I'm viewing this from Chrome, in case that matters.
I think this is more about proof of concept than a presentation of its readiness for production at a large scale or at any scale. Give it 5 more years and maybe we'll be closer to seeing it more frequently in the technologies we use.
The other use cases (like calling payroll, etc) likely don’t have the same protections and probably would be more effective.
reply