As a 10-year-old I was quite a strict sort. One thing I couldn`t stand was kitsch. And the kitschiest thing I`d ever seen was the Rudyard Kipling poem "If", behind a friend`s bathroom door, which told young men to keep their wits about them, when all around them everyone else was losing their heads. The result would be manhood.
I knew it was nonsense, because to go with it, there were embroidered "lappies" in the kitchen with messages of hearth and home, and porcelain ducks in the lounge, although I`m probably making that one up. I concluded that Kipling was strictly for the birds.
But it turned out to be a useful pointer, and not just for men. (Incidentally, I`ve just figured out what Roger Whittaker meant by "I don`t believe in 'If` anymore".) Its use lies in helping us reassess the way we react to things that would otherwise seem the biggest crisis ever. So with Kipling in mind, let`s take one more look at the Absa e-banking and Web crisis of confidence.
By-products of the crisis
* It`s a way to sell you things
Others still blame the anti-virus vendors, who are "conspiring to sell more protection to owners of the systems they compromised in the first place".
Carel Alberts, Journalist, ITWeb
The more sophisticated info-security vendors will take a backseat on this one, preferring to be seen as thought-leaders, and not the serious-minded individuals that suddenly, urgently, want to sell you anti-virus, clever authentication alternatives, firewalls or what have you. Whether they have the stuff or not, they know the best thing is to find balance in all they say and be generally useful with the kind of information they give out. And most of all, good security lies in tying up technology, people and processes, boring as that sounds.
To give you an idea, one commentator in the industry refers to the following site as one of a few "nice pages to scare clients".
* It`s not Microsoft`s fault
One member of a public list promptly blamed Microsoft. This scarcely merits a response, one would think, because the matter concerns passwords, not the systems the bank runs. By way of providing balance, I should report that Swiss researchers have just found a way to speed the cracking of alphanumeric Windows passwords, according to CNet.
* It`s not the media`s fault either
Others blame the media. We must be the softest targets since tartrazine. Actually, they say, the bank is the real culprit, but it obviously believes everything Absa ever said, ignorant as all media are.
* And it`s not the anti-virus vendors` doing
Others still blame the anti-virus vendors, who are "conspiring to sell more protection to owners of the systems they compromised in the first place". The guy who cooked this one up had the decency to say it was his two cents` worth, by which he probably, and rightly, meant it is nonsense. He has clearly lived in Alexandra and paid protection money for too long.
But despite these startling revelations, I think we should recognise that both banks and customers must take a more active interest in banking security.
* It`s an opportunity for banks
Absa smartly came out with a press release that said it leads the fight for Internet security. That was fascinating in itself, and it must mean the bank knows something about the forensic investigation that puts it in the clear, even though one security expert ventured that the problem may have been with Absa kiosk terminals. Absa has tried hard not to sound high-handed, but perhaps this intimation that it is leading the way is a bit magnanimous.
Other banks came out with "we`re secure" releases, but nothing is ever that secure. Nedbank, for my money, came closest to answering keystroke-logging queries.
* It`s a reason to sound off
The other extreme is to get so technical on the matter that you bore the listener to tears. This is the problem I eventually had with the lists that take these sorts of issues very seriously. All sorts of solutions were offered to the problem, many of them admirably simple and effective, but just as many egos blew out and I had to press my fingertips to my lips and go "ommmmmmm" for a long time before I had the wherewithal to wade through it all.
Things to take away from this
I suppose I`m just a simple guy, but what I take from this event are the following simple things:
* Yes, it`s serious, but there are bank heists involving far more, and it`s not really a credible solution to say we should stop using Internet banking, or that SA Internet banking is less secure than any other.
* I am no more convinced of any security vendor`s cure-all solution than I was before, although I`m a little more wary of taking the easy way out with dumb, easily remembered passwords only, when the bank offers several layers of security.
* Absa`s actions are laudable in that it will take responsibility in cases where its fault could be established.
* It`s not an unanswerable crisis. Security is, as it has always been, the responsibility of all involved in the transaction, and there are ways to sufficiently secure your online banking. The only thing is to make use of it.
Share
