Comment: Re:The biggest exploit for any system (Score 5, Insightful) 2008-07-01 19:03
Attached to: No-Fail Identity Theft – Live and In Person
However good security requires to treat everyone like they are...We want friendly customer service this is in direct conflect with security
false dichotomy...your 'either...or' is invalid. First, providing security IS good customer service...
More importantly, your ideas about what 'good security' requires are based on a flawed theory and definition of what it means to be 'secure.' Your operating definition implies that '100% secure' is an attainable goal. It's not. There is no golden procedure that will bring you out of Oz like Dorothy clicking her heels together three times.
Ham fisted, dumb tactics like making a teller ID some old lady that has been banking there for 30 years is the height of stupidity.
The best way to provide a secure environment is to first have educated, savvy personnel at all levels. Second, have smart, targeted policies that capitalize on your educated employees using higher brain functions.
A Counter-example: Instead of your "ID everyone all the time even if it's your grandma" approach...have a policy that says "ID everyone they have a 10 year + history and relationship with the bank, and you recognize them immediately"
Why? No teller is going to comply with your example because it is unworkable. Have targeted, specific policies and employees that can think analytically instead.
ps...for those of you with Asperberger's or OCD just itching to point out flaws in my example, remember, it's just an example. If you're so interested in what I'm saying, then look at my ideas instead of nitmpicking an admittedly imperfect example.