Wearing 2 seatbealt
When DBS introduced the second factor authentication (2FA) for their iBanking services, I thought it is meant for customer who requested for it. To me, it is just overkill.
Then I recieved this package few days back.
Damn. I was auto-included in the stupid overkill scheme. Called their customer service to request for opt-out from the 2FA. I was told that I can't.
It just doesn't make sense. The idea of internet banking is to allow user access to banking service anywhere conveniently. But now, we need to carry this stupid looking dog tag where ever we go so that we can access internet banking. Why should I be forced to carry this?
Isn't our existing userid and password safe enough? How can a hacker hack our userid and password? They can't use brute force because there will be a limited number of tries. They can't intercept the data transmitted over the internet because it is 128bit encrypted.
Only way is via key logger or phishing. Keylogger is some program installed in your computer that capture all they keys that you press. Phishing is where hacker create a fake website that look exactly the same as your internet banking website to trick you to revealing your userid and password.
So can the 2FA prevent keylogger and phishing? No. It does make it harder for hacker to gain access to your account, but its not impossible. The 2FA generate a new set of number every 60 second. Meaning when hacker got your userid, password and 2FA key, they got less than 60 second to access your account or the password is invalid. Its hard for hacker to do that, but it is not impossible.
But look at it this way, so what if a hacker managed to gain access into our internet banking account? What damage can he do?
Ok, the hacker can look at your bank account balance. See see lor. I suppose most people don't mind, judging by the number of ATM reciept thrown on top of the machine. He cannot transfer the money to his account or pay his bills. Because you need to set up a new transfer or bill payment arrangement. And to set up the arrangement, the internet banking will sms you a passcode which you need to enter before you can start transfering money.
So basically, a hacker can't take your money even if he has access to your internet banking account.
So why are we forced to wear 2 seat belt in a car?
From what I understand, it is a Monetary Authority of Singapore ruling. All the banks in Singapore must provide 2FA for their internet banking service.
Ok, then why doesn't DBS give customer the option of using SMS instead of the stupid looking dog tag? Look what UOB is doing. They are giving customer the option to choose between a dog tag or SMS. I'll surely choose SMS so that I don't need to carry an extra device everywhere I go.
I hate the dog tag. I want the freedom to log into my internet banking anywhere I like. Still thinking if I should cancel my DBS account as a sign of protest. The problem is, my company deposit my salary into that account. If I want to close it, I'll need to inform payroll to change the account too.
I miss that pretty gal sitting on the floor with a iBook.
I'll miss the feeling of that freedom she is enjoying.
Can someone get rid of that aunty with 2 seatbelts?
PS: Interesting..... the gal using the ibook represent freedom of logging into their internet banking anywhere you like (no wires, sit in a relaxed manner and dress casually), while the gal with 2 seatbelt represent being restricted when logging into internet banking (tied with 2 seatbelt, sitting straight and dress formally).