EU Draft Digital Signature Directive

Andrew Rowley Andrew.Rowley at dcs.qmw.ac.uk
Wed, 26 Aug 1998 19:51:18 +0100


Ian Brown wrote:
> 
> I would be intrigued to know what (if any) cryptographic procedures Barclays'
> home-banking software uses... Since it can make transfers out of your
> account, they must need *some* security. No doubt you have to sign a
> contract assuming all liability when you start using it.

Authentication is achieved through a 5-digit PIN. They use 64-bit
encryption for data over the phone line. I assume (hope) that this is
symmetric, however they don't disclose the algorithm. Despite this you
agree, amongst other things:

"that the records we [Barclays] maintain of any instructions you give by
computer shall be conclusive evidence of your instructions and of the
time at which you gave them, except where there is an obvious mistake in
our records."

Also

"If you know or have reason to suspect that someone else knows your
codes or personal identifiers, you must immediately telephone us. Until
you do so, you will continue to be liable for transactions in accordance
with Condition 2.4"

Condition 2.4:

"You authorise us to act on instructions given:"
...
"(b) by telephone or electronically, provided that we have followed the
security procedures agreed between us, whether or not such telephone or
electronic instructions were given by you."


-- 
Andrew Rowley
Department of Computer Science
Queen Mary & Westfield College
University of London

+44 (0)171 975 5244
Andrew.Rowley@dcs.qmw.ac.uk
http://www.dcs.qmw.ac.uk/~andrewr