For me, in the mobile banking app, paying someone is divided into two steps:
Once the destination is setup, making payments is very convenient - I only have to provide the amount and date and I am not asked any further questions.
On telephony, it struck me that some kind of PKI should have been mandated as a condition of VOIP being interconnected to the PSTN, i.e. to use a presentation number, which someone may possibly use to work out if the calling organisation is who they claim to be, a certificate must be presented as part of the session initiation, rather like TLS. With so many parties involved, though, and no doubt some corruption, it then presumably becomes a problem of key management rather than technology.
At the moment, though, the only advice I can think to give anyone is to never disclose personal information and certainly not attempt to transfer any money or give out any card details on an incoming call. I think this is the advice we should offer absolutely everyone.
- setting up a payment destination.
- actually transferring the money.
Once the destination is setup, making payments is very convenient - I only have to provide the amount and date and I am not asked any further questions.
On telephony, it struck me that some kind of PKI should have been mandated as a condition of VOIP being interconnected to the PSTN, i.e. to use a presentation number, which someone may possibly use to work out if the calling organisation is who they claim to be, a certificate must be presented as part of the session initiation, rather like TLS. With so many parties involved, though, and no doubt some corruption, it then presumably becomes a problem of key management rather than technology.
At the moment, though, the only advice I can think to give anyone is to never disclose personal information and certainly not attempt to transfer any money or give out any card details on an incoming call. I think this is the advice we should offer absolutely everyone.
Statistics: Posted by Coeus — Tue Jul 09, 2024 9:03 am