Westpac Bank Introduces SSL Certificate Checking

Published: 7:03 PM GMT+12, Sunday, 26 March 2006 under: technology
phishing  banking 

In response to the increase of phishing attacks it seems my local bank has added a new step to their online banking login process.

Before a user gets to enter their username/password theres now a page describing how to check the SSL certificate of the site your browsing is actually the site you're expecting.

Whilst this is a great move on the banks part, as someone just mentioned "not useful if people are phished and go to the wrong site". There's been notification from the bank about this additional step in the login process, so if a user innocently heads off to westpac.co.nz.com.br instead, they'll never see this confirmation page, and never be none the wiser...

Comments (1)

It would be better (for personal banking at least) if the bank issued individual client certificates, and used that as PART of the authentication process.

Better still, a physical two-factor-authentication system.

<a href="http://en.wikipedia.org/wiki/Two-factor_authentication">two factor authentication</a>

left by llyric . Monday, 27 March 2006 10:20 AM
Add Comment