Accrington Web - View Single Post

entwisi · 24-06-2005, 07:02

I work in IT at one of the Big 4 banks(I used to work for them but was outsourced to a global IT shop). However I can tell you that things like passcodes are NOT available in clear to anyone including call centre ops, us techies or even the CEO himself. The passcode is generated by the mainframe and stored encrypted. When you type in your passcode on an ATM the actual keypad itself encrypts the code you enter and sends it to the mainframe. At no point is it available in clear text. The same with internet banking. your passcode is encrypted using SSL and at no point is decrypted outside the mainframe.

I sat with one of our mainframe guys and asked him to show me my data. We could see my transaction list and with some chasing round many database tables got a list of my other accounts. However without a form of authorisation we could not change anything.

Having also worked in the call centre for this bank I know what happens there. Again the operatives do not see your passcode details they get prompted for the required data and enter it in a screen similar to internet banking. About the worst they could do would be to keep your session open after you have gone and transfer money then. However ALL calls are recorded and you would only have to ask for a copy of that days call to prove you did not ask for those transactions. The Bank would have to refund you immediately+ any charges incurred(And I persoanlly would be asking for compensation for stress/inconvienience)

Ian

24-06-2005, 07:02	#13
entwisi God Member Join Date: Apr 2004 Location: Up Bash Posts: 7,827 Blog Entries: 3 Liked: 44 times Rep Power: 4387	Re: Indian call centre 'fraud' probe I work in IT at one of the Big 4 banks(I used to work for them but was outsourced to a global IT shop). However I can tell you that things like passcodes are NOT available in clear to anyone including call centre ops, us techies or even the CEO himself. The passcode is generated by the mainframe and stored encrypted. When you type in your passcode on an ATM the actual keypad itself encrypts the code you enter and sends it to the mainframe. At no point is it available in clear text. The same with internet banking. your passcode is encrypted using SSL and at no point is decrypted outside the mainframe. I sat with one of our mainframe guys and asked him to show me my data. We could see my transaction list and with some chasing round many database tables got a list of my other accounts. However without a form of authorisation we could not change anything. Having also worked in the call centre for this bank I know what happens there. Again the operatives do not see your passcode details they get prompted for the required data and enter it in a screen similar to internet banking. About the worst they could do would be to keep your session open after you have gone and transfer money then. However ALL calls are recorded and you would only have to ask for a copy of that days call to prove you did not ask for those transactions. The Bank would have to refund you immediately+ any charges incurred(And I persoanlly would be asking for compensation for stress/inconvienience) Ian