RPY653@MAINE.BITNET (03/08/91)
I'm concerned about potential security problems with my Checkfree electronic funds transfer account. Other than bodily entering my home and using my computer, or searching my desk, is there any other way that someone could find out my code and access my account? After reading Cliff Stoll's book*, I assume there must be, and would like a more expert opinion. *The Cuckoo's Egg. THanks, Lucy Quimby
campbell@dev8n.mdcbbs.com (Tim Campbell) (03/13/91)
In article <91067.100637RPY653@MAINE.BITNET>, RPY653@MAINE.BITNET writes: > > I'm concerned about potential security problems with my Checkfree electronic > funds transfer account. Other than bodily entering my home and using my > computer, or searching my desk, is there any other way that someone could > find out my code and access my account? After reading Cliff Stoll's book*, > I assume there must be, and would like a more expert opinion. *The Cuckoo's > Egg. THanks, Lucy Quimby -- Checkfree does know what your code is... presumably an unscrupulous employee could "steal" this data. And since they have the ability to initiate a funds transfer based on your request - it follows that they could just as easily initiate such a transfer without such a request. It also follows logically, that your bank teller or accountant could do equal damage - if not more easily and with less effort. So it basically boils down to this... you now have somebody new to "trust". Checkfree probably makes it easier for you to catch such an unscrupulous individual because your local software gives you the ability to balance your account and catch any errors much faster than you could previously. I suspect what you're REALLY worried about is that some hacker could phone into Checkfree using YOUR access code (Checkfree w/o new phone company caller- ID boxes probably doesn't know if the call actually originated from YOUR computer or somebody else's. They could perhaps imbed a serial number in the software that you're unaware of - I don't know.) But let's get more practical about this. Assuming that they DO break all security - say by reading your mind to discover your code, even use your computer when you're away in an effort to legitimize the request, where will they send the money they're stealing... it's not an ATM - it doesn't print cash on your attached laser printer. Wherever they send this EFT (usually an "electronic to check" draft) - it's certainly traceable. -Tim --------------------------------------------------------------------------- In real life: Tim Campbell - Electronic Data Systems Corp. Usenet: campbell@dev8.mdcbbs.com @ McDonnell Douglas M&E - Cypress, CA also: tcampbel@einstein.eds.com @ EDS - Troy, MI CompuServe: 71631,654 Prodigy: MPTX77A P.S. If anyone asks, just remember, you never saw any of this -- in fact, I wasn't even here.