Comment Re:The problem is not the storing of SSN! (Score 1) 505
It just came to my mind that even some banks are stupid enough to use an identification number as authentication. In this particular case, the attacker was able to withdraw money from an account by only knowing the account number (the account identifier). If this happened to me, I'd sue my bank for giving out my money without authenticating my identity. It should be really simple:
1. account identifier (account number) identifies the account,
2. the bank authenticates the identification of the person doing the withdrawal,
3. the bank checks that the authenticated person is authorized for the given account,
4. if step 3 is successful, withdraw the money from the account.

Any bank doing only
1. identifier identifies the account,
2. withdraw the money from the account

deserves to be sued their asses off.
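
The two flows from the comment above, side by side, as an added example that is not part of the original comment; the account number, customer names, PINs and function names are all constructed for illustration. It also shows why step 3 is separate from step 2: a customer who authenticates correctly is still refused on an account they are not authorized for.

```python
import hashlib
import hmac

def _pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

# Constructed sample data (hypothetical customers and account).
CUSTOMERS = {  # customer id -> (salt, PIN hash)
    "alice": (b"salt-a", _pin_hash("4821", b"salt-a")),
    "mallory": (b"salt-m", _pin_hash("7777", b"salt-m")),
}
ACCOUNTS = {  # account number -> balance and who may withdraw
    "FI00-1234": {"balance": 500, "authorized": {"alice"}},
}

class Denied(Exception):
    pass

def withdraw_identifier_only(account_no, amount):
    """The two-step flow: knowing the account number is enough."""
    account = ACCOUNTS[account_no]   # 1. identifier identifies the account
    account["balance"] -= amount     # 2. withdraw
    return account["balance"]

def authenticate(customer_id, pin):
    """True only if the PIN matches the stored hash for this customer."""
    record = CUSTOMERS.get(customer_id)
    if record is None:
        return False
    salt, expected = record
    return hmac.compare_digest(_pin_hash(pin, salt), expected)

def withdraw(account_no, customer_id, pin, amount):
    """The four-step flow: identify, authenticate, authorize, withdraw."""
    account = ACCOUNTS.get(account_no)             # 1. identify the account
    if account is None:
        raise Denied("unknown account")
    if not authenticate(customer_id, pin):         # 2. authenticate the person
        raise Denied("authentication failed")
    if customer_id not in account["authorized"]:   # 3. authorize for this account
        raise Denied("not authorized for this account")
    if amount <= 0 or amount > account["balance"]:
        raise Denied("invalid amount")
    account["balance"] -= amount                   # 4. withdraw
    return account["balance"]
```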