Hacker News new | ask | show | jobs
by jdee 3348 days ago
Certainly activity is higher amongst teams that deal with higher wealth individuals, so your question about specific people is broadly correct. To get into what? Bypass biometric ID systems that are common in telephone banking systems. Audio was recorded in high fidelity via smartphones from customers and then manually pieced together in an audio editor and played back down the phone to a biometric system in order to bypass detection. As an adjunct, certain banks in the U.K. have microphones hidden in the counters of physical branches that cross reference your voice with known patterns such is the prevalence of such systems. In regard to secret words, it was a team working within the bank that shared information to crack words. High value CS teams are traditionally very small to keep "the personal touch". CS teams never get access to the full secret word. They get prompted with which questions to ask and what response to expect, so therefore gluing small answers together is the trick.
1 comments
literallycancer 3348 days ago
Wouldn't all these issues be solved by the customer reading a one time key over the phone?
link
jdee 3347 days ago
Banks are nowhere near to being on this page yet. 99% haven't even committed to primary authentication method. It's a jumble of mobile apps, pin sentry devices, fobs, voice, logic engines, SS7 network squanning via back door agreements with smaller telco network providers, location. It's a real mess.

Can someone bookmark this post where I say the first billion dollar external bank fraud success will happen within the next 18 months please.

link
tim333 3347 days ago
I had something close to that with Bank Sabadell. They had 40 four digit numbers on a card and you gave them one of the 40 which they chose. They've now moved to a fancier app based system,
link
jacquesm 3347 days ago
Guess who would have access to the software that generates and distributes the one time keys.
link
literallycancer 3347 days ago
Why? Have a page with a QR code seed in the internet banking. Scan it with a phone app, no interaction with customer service (unless you lose the phone).

If a bitcoin exchange can do it, I don't see why a bank couldn't (banking is easier - you can cancel transactions).

link