# General Business Category > Technology Forum >  Simple solution to online banking fraud?

## duncan drennan

Mikko Hypponen has proposed a simple solution which could help to prevent the online banking fraud which has become so common place.




> Why do banks and other financial institutions operate under the public top-level domains, like .com? The Internet Corporation for Assigned Names and Numbers, the body that creates new top-level domains, should create a new, secure domain just for this reasonÃ¢â¬âsomething like Ã¢â¬Å.bank,Ã¢â¬Â for example.
> 
> Registering new domains under such a top-level domain could then be restricted to bona fide financial organizations. And the price for the domain wouldnÃ¢â¬â¢t be just a few dollars: It could be something like $50,000Ã¢â¬âmaking it prohibitively expensive to most copycats. Banks would love this. They would move their existing online banks under a more secure domain in no time.
> 
> Full article on Foreign Policy


It is really quite a simple idea, but could potentially stop a lot of fraud and phising. Websites with names like bankofamerica-online.com would easly be recognised as frauds. It almost seems overly simple, but the more I think about it, the more it seems like a relatively comprehensive solution.

----------


## RKS Computer Solutions

Sounds like a great idea, but I see a few problems in that...

How exactly do you convince a bank to fork over 50 grand for a new domain name, when they can't even be bothered to listen to their customers...

Let's take FNB for example...  I've requested simply for my statements to be emailed to me, verbally and 2 months later on an official letterhead stating that seeing as they weren't responding to my verbal requests (was in the bank), could I now get this done via a written request...

5 months later I still walk into the bank once a month or so, drop the letter on their table and request my free statements (cost R90) because they are either not interested in filling my request or like loosing money...  You decide...

On another point, have seen various reports of clients reporting fraud on their bank accounts only for them to be told by the bank that because they were not super diligent in ensuring that they were visiting the correct site, they would not be able to help in recovering their money....

Why would a bank that couldn't be asked to help their clients, be bothered to fork over 50 grand extra for something they don't care about...

*-- This is my opinion and mine only, not those of this site or it's Administrators or Affiliates --
*

----------


## duncan drennan

> How exactly do you convince a bank to fork over 50 grand for a new domain name, when they can't even be bothered to listen to their customers...


Well, they've got the money to give R1million to employees who report theft and fraud (they save HUGE bucks if fraud is reported)




> Let's take FNB for example...  I've requested simply for my statements to be emailed to me, verbally and 2 months later on an official letterhead stating that seeing as they weren't responding to my verbal requests (was in the bank), could I now get this done via a written request...
> 
> 5 months later I still walk into the bank once a month or so, drop the letter on their table and request my free statements (cost R90) because they are either not interested in filling my request or like loosing money...  You decide...


It is absolutely crazy. Everyone wins if they just hand over the statements. I think sometimes the biggest issue is that they have these funny internal structures (why are credit card division a law unto themselves???), which just confuse everyone. The right hand doesn't know what the left is doing.

Are these credit card statements, or transactional account statements?

----------


## Dave A

A nice idea, but in my opinion it just isn't going to stop people from being victims of phising.

I've now got a series of emails following on from the one I posted here - ostensibly from FNB warning me that there is a phising scam targetting FNB at the moment. 

The quality of the approach has steadily improved, but the links I'm being urged to click have not. They're way off anything remotely like the FNB site - and yet I'm damn sure some people are clicking.

It's so hard to protect people from their own ignorance.

----------


## duncan drennan

> The quality of the approach has steadily improved, but the links I'm being urged to click have not. They're way off anything remotely like the FNB site - and yet I'm damn sure some people are clicking.


I think the point here is that _hopefully_ after clicking a false link it becomes immediately obvious that the site is a fraud.

Let's say the phishers (?) are experts and set up an excellent email and copy of a FNB's website (one good enough to fool any of us, and avoiding the tactics we've all bee told to look out for). They happen to use the domain www.fnbbanking.co.za because that sounds very official and is close enough to the real thing to get away with. *If* FNB was on a .bank domain (e.g. www.fnb.bank) it is immediately and clearly obvious that the phishing site is a hoax. The phishers don't have access to the .bank domain (because the banks would regulate it strongly), and can't make a close enough forgery.

Unfortunately no idea can stop stupidity — build a fool–proof device and they make a better fool.

----------


## Debbiedle

Personally I think it is an elegant and simple solution.

----------


## RKS Computer Solutions

It's my normal transaction statements.  When the account was opened, it was signed and requested for statements to be posted...   Up until today I have yet to receive a single statement...

And speaking to the branch manager has had the same effect as wringing blood from a stone, got nowhere...

One thing about the phising though, I have a "DigiTag" from FNB, which means I could give out my account names and passwords to every person on the street, if they don't have access to a 20second remote generated code of the digitag they will never be able to get close to my accounts...  Unfortunately some bright spark at FNB has decided to stop with the digitags, which I reckon is one of the most secure features to have...  Unless you're a complete dimwit and keep account usernames/passwords and your digitag all in the same place...

*Does anyone have any contact with anyone from FNB that has half a clue?*

----------


## duncan drennan

> Unfortunately some bright spark at FNB has decided to stop with the digitags, which I reckon is one of the most secure features to have...


They now send the one–time–password (OTP) to your cell phone when you log in though (and digitag still works too doesn't it?), and you need that to add beneficiaries etc.




> Does anyone have any contact with anyone from FNB that has half a clue?


Have you tried there call centre? Other than the time I couldn't get hold of anyone (at the time of internet banking change over) they have been quite helpful.....0860 11 22 44

----------


## RKS Computer Solutions

FNB has stated that those with digitags will continue to have it's benefits, so yes, still log in with un/pw/dt code ...  but even with their move to the new system, I haven't had any OTP sent to me..  Kinda useless idea anyway if your bank details are saved on your mobile phone and it gets stolen, don't you think?  (Might seem ignorant, but be honest and count on your hands the number of people you know who saves their bank details on their mobile phones - bet you you won't have any trouble getting the full 10 count)

----------


## stephanfx

It seems like a good idea. Another thing that they might consider is to make like yahoo mail.

On yahoo mail, you get a personalized seal to protect from password theft and scams. It verifies that the sight you are visiting is the genuine site. Should the banks maybe do this, even some the most ignorant of clickers might stop dead in their tracks before typing in a single digit.

my two cents  :Wink:

----------


## Eugene

RKS, referring to your comment about statements being e-mailed to you, the NCA now allows you to choose the method of statements being sent to you.


Right to receive documents
65. (1) Every document that is required to be delivered to a consumer in terms of this Act must be delivered in the prescribed manner, if any. 
(2) If no method has been prescribed for the delivery of a particular document to a consumer, the person required to deliver that document must 
(a) make the document available to the consumer through one or more of the following mechanisms-
(i) in person at the business premises of the credit provider, or at any other location designated by the consumer but at the consumer’s expense, or by ordinary mail;
(ii) by fax;
(iii) by email; or
(iv) by printable web-page; and
*(b) deliver it to the consumer in the manner chosen by the consumer from the options made available in terms of paragraph (a).*

----------


## RKS Computer Solutions

I actually had my last fight with FNB last month...  Went there, spoke to one of the clerks, and she promised with the nicest smile to sort it out for me, all the while my statement printing in the background...

Checking online statements a week later, I found charges for the statements and was about to phone FNB when my phone rang...  Smiley Clerk was just phoning to let me know she found out what the problem was and that is was now sorted...  OK, what about the charges I paid for statements that you should have sent?  No problem, next morning first thing charges were reversed...

So there goes one thumb up for FNB, or rather to the Smiley Clerk who had the spirit in her to actually do her work, great stuff....

----------

