“Check out the links in this thread and do your own research, that is how we can collectively beat phishing.”
I feel that the banks’ behaviour mimics the attitude of the saying “pearls for the pigs”. They tried to do it right in the 90s with SET (whether it was a safe protocol, or a basis for a future safe protocol, left aside), but it seemed both merchants and customers were clueless/careless about computer security: they feared insecure systems but were not truly interested in cryptography (as if it’s someone else’s job to think about that, while truly it’s everybody’s responsibility to understand cryptography and computer security). As a response they created 3DS to shove the message of the back-then sadly ignorant masses back in our face: like “oh? you want security but it’s not your job to understand the details? well perhaps you are right, it’s also not my job, let’s just all delegate everything away”. This is in a sense equivalent to giving us all a cold shower of the hard reality. People lose money, get phished etc… banks let this happen until enough people get angry and finally DO look up computer security and mathematics behind cryptography, the importance of public key cryptography, etc. All these comments show that the bank’s hard way of teaching us all what computer security is truly works. (Their back-ends, like SWIFT protocols in Europe etc., are cryptographically secure, but not accessible to the large population, who they will keep exposed with insecure implementations until we learn about cryptography and computer security in the financially autodidact way: get hurt financially and any person, however low in education, can look up and teach himself the mathematics of RSA, elliptic curves, cryptographic hash functions, binary decision diagrams, formal verification, communicating sequential processes etc…)