Aardvark Daily aardvark (ard'-vark) a controversial animal with a long probing nose used for sniffing out the facts and stimulating thought and discussion.

NZ's leading source of Net-Industry news and commentary since 1995
Australasia's "New Economy" News And Commentary Site
Headlines | XML feed | Contact | New Sites | Archives | Job Centre | MARKETPLACE | For Sale
Note: This column represents the opinions of the writer and as such, is not purported as fact
Is Online Banking Risky? You Bet! 2 May 2002 Edition
Previous Edition | Archives

Million $ Ideas
At last, the contents of Aardvark's "million-dollar ideas" notebook are revealed for all to see!
Click To See
Here's the scenario...

You log on to the Internet in order to access your bank's online banking service so you can pay a credit card bill and move some funds around between accounts.

Hang on -- what's this? Why are all your accounts showing a zero balance?

A quick check of recent transactions shows that a week or so ago, all your money was transferred to someone else's account -- seemingly through the very online system you're currently using.

Sponsorship Opportunity
As another method of offsetting the cost of running this site, I'm considering the use of sponsorship -- but would like some feedback.

Based on recent stats, a sponsor could expect to have their branding delivered around a million times a year to an extremely well targeted audience of (mainly Kiwi) internet/IT professionals and hard-core Net users.

If you're brave enough to be Aardvark's exclusive sponsor for a year, or if you're a reader who'd like to voice your opinion on the matter then please contact me

You ring the bank to find out what's going on and are told that someone using your ID and login performed the transfer some five days ago and that this isn't the bank's fault or problem.

Uh oh... what are you going to do now?

You run a virus scan on your computer and it finds a trojan program that has, for the past month, been quietly betraying your secrets to an unknown party somewhere out there in the ether.

Unknown to you, the trojan arrived as an email that had an attachment which you opened out of curiosity. After all, you're not someone who regularly reads Aardvark or any other Internet-related publication and you believed Microsoft when it said that Windows XP was the most secure version ever produced so how were you to know this was a stupid thing to do?

Readers Say
(updated hourly)
  • ANZ Online... - warwick
  • Bank Security... - annon
  • Bank Security... - Lindsay
  • Or Run Linux... - Peter
  • National Bank... - Anton
  • alternate operating systems... - Warwick
  • National Bank Online banking... - Kevin
  • Have Your Say

    Right now you're penniless and you're hoping like hell that the bank will accept that this wasn't your fault -- what are your chances?

    A quick survey of the "Terms and Conditions" associated with NZ's online banking services seems to indicate that you might be out of luck.

    You can read them for yourself to see what I mean:

    It would appear that if you take every reasonable precaution to prevent unauthorised access to your PC (and hence unauthorised use of your ID/password) then you might (let me emphasize "might") be indemnified -- however, only the BNZ clearly lays out in any real detail what it considers to be acceptable and unacceptable.

    You have to wonder whether anyone will be able to use the BNZ's service without infringing at least one condition however. According to Section 6.2, clause f:

    "You agree not to open e-mails or attachments or run software from untrusted or unknown sources".

    Yes, that's right -- if you use BNZ's online banking service you are strictly forbidden from opening emails from people you don't know. Let's make that quite clear -- it's not that you can't open attachments on such emails -- you can't even open the mail itself.

    If you're a trader using a website to solicit new business then you'll just have to ignore those emails from prospective new customers -- how dumb is that?

    Obviously the BNZ is trying to cover its backside to avoid liability in the scenario I've already described -- but it is plainly outrageous to ask a customer to ignore emails just because the sender is not previously known to them.

    The helpdesk worker I spoke to at the BNZ regarding this draconian clause said that it probably only meant you couldn't open attachments -- but if that's the case, why doesn't it say that? I think you and I both know that when it comes to protecting the interests of shareholders, banks and insurance companies tend to enforce the letter of their contracts quite stringently.

    However, you've got to have some sympathy for the banks. Why should they have to pay up if your money goes missing through no negligence or fault on their part?

    Well perhaps there is fault on the bank's part.

    Perhaps they're negligent for using such an easily circumvented method of authentication as an ID and password. Goodness knows, there are many alternatives available (even the one I've been trying to tout with little success) which are far less vulnerable.

    Let's face it -- even the act of choosing a password is a compromise. All the banks demand that it not be something too short or easily guessed (such as a birth-date, name of a family-member, etc). On the other hand they forbid you from writing down or storing electronically that hard-to-remember password -- what's a person to do?

    Likewise -- the banks (particularly BNZ it would seem) are patently aware that Microsoft Windows is an intrinsically insecure platform so, by acknowledging the risk, they must also share in the liability.

    Whatever the case -- if you're using an online banking service you'd better make absolutely sure that you have effective anti-virus software with regularly updated data files and that your operating system, mail program and browser are updated to the latest versions at all times.

    Anything less and you're effectively leaving your life savings on a virtual park-bench somewhere in cyberspace.

    Have Your Say
    As always, your comments are welcomed. Please remember to select "For Publication" if you want them included on this site.

    Have your say.

    Add Aardvark To Your Own Website!
    Got a moment? Want a little extra fresh content for your own website or page?

    Just add a couple of lines of JavaScript to your pages and you can get a free summary of Aardvark's daily commentary -- automatically updated each and every week-day.

    Aardvark also makes a summary of this daily column available via XML using the RSS format. More details can be found here.

    Contact me if you decide to use either of these feeds and have any problems.

    Linking Policy
    Want to link to this site? Check out Aardvark's Linking Policy.

    Did you tell someone else about Aardvark today? If not then do it now!

    Security Alerts
    Security flaw in Microsoft Office for Mac (CNet - 18/04/2002)

    A trio of MS-Office security vulns (TheReg - 10/04/2002)

    Two new "critical" bugs patched in IE (ZDNet - 01/04/2002)

    Second Java hole poses Windows risk (CNet - 20/03/2002)

    Microsoft offers patch for Java software (CNet - 06/03/2002)

    Virus Alerts
    New Klez worm squirms across Internet (CNet - 18/04/2002)

    Aphex E-mail Worm Has A Way With IRC, Instant Messenger (NewsBytes - 11/04/2002)

    'Bill Clinton' Worm Gets Around (NewsBytes - 22/03/2002)

    Bookmark This Page Now!


    NZL Sites
    NZ Netguide
    NZ Herald Tech
    PC World NZ
    NZOOM Technology WordWorx

    AUS Sites
    Fairfax IT
    Australian IT
    AUS Netguide
    NineMSN Tech
    APC Magazine

    USA Sites
    CNNfn Tech
    Yahoo Tech
    ZDNet Tech
    USA Today Tech
    7am.com SciTech

    UK Sites
    The Register
    BBC SciTech


    The Day's Top News
    Open in New Window = open in new window
    New Zealand

    Open in New Window Microsoft complainant publishes open letter
    The Auckland lawyer who has filed a complaint against Microsoft licensing practices with the Commerce Commission has posted an open letter to Microsoft users on the web...

    Open in New Window TelstraClear keen to work with Telecom: Telstra CEO
    TelstraClear is keen to work with Telecom on access and interconnection issues, but says it will "overbuild" if it has to in areas where it's viable...


    Open in New Window USB Port Devices Pose Security Threat
    Firewalls and virus checkers are no defense against the latest form of computer attack that comes via open USB ports. Not only can viruses, worms and Trojans get into the corporate network this way...

    Open in New Window RIAA Lauds Action Against Foreign CD Piracy
    The U.S. government is making a strong effort to enforce existing trade agreements that bar music piracy, Hilary Rosen, the president and CEO of the Recording Industry Association of America (RIAA) today said in a written statement...

    Open in New Window Site Barks About Deep Link
    The Dallas Morning News demands that BarkingDogs.org stop linking to individual stories from the newspaper's website and link to the front page only. The controversy over deep-linking deepens...

    Open in New Window You've Got Google!
    In its biggest client win to date, search technology upstart Google, Inc. has added AOL, CompuServe, AOL.COM and Netscape to its paid listings roster, beating out incumbent Overture Services...

    Open in New Window Another Go at Kid Porn Law
    The Supreme Court's ruling that sex simulations showing children are allowable under the Constitution prompts lawmakers to propose modified legislation...


    Open in New Window PIN codes and line blocks to stop porn and call dumping
    Downloading pornography from the internet will require a PIN and written approval from the householder under a government bid to crack down on premium rate phone services...

    Open in New Window Telstra ADSL users blocked from Symantec site
    The problem came to light yesterday when a user complained about being unable to access the site to manually download daily antivirus definitions for several days...


    Open in New Window Melissa virus author jailed for 20 months
    The author of the infamous Melissa virus was sentenced today to 20 months in Federal prison for causing millions of dollars of damage through its release into the wild in March 1999....
    The Register

    Open in New Window Apple sues over Macromedia Flash MX
    Apple has filed a lawsuit against Sorenson Media over technology licensed to Macromedia for the new Flash MX player...

    Open in New Window Video ads click with online marketers
    Mainstream marketers are increasingly embracing the video- and animation-filled Web spots that serve as an alternative to traditional banner and pop-up ads, according to a new study...

    Open in New Window With Microsoft's quantum licensing, many parallel universes are possible
    The Beast of Redmond could yet confound attempts to scrutinize its monopoly with an escape strategy of fiendish cunning...
    The Register

    Open in New Window RealNetworks, Sony look beyond the PC
    RealNetworks on Tuesday said it inked a multiyear partnership with Sony, extending their long-held relationship to include digital audio and video distribution to home-networked devices...

    Looking For More News or Information?

    Search WWW Search Aardvark

    Privacy Policy | Copyright © 2002, Bruce Simpson, republication rights available on request

    jet engine page