The key trick isn't so much the two as that they're randomly selected.
I moved a large amount of money a few years back to buy my home (I do not like debt, so I saved up until I could afford somewhere to live, then I bought it).
The bank's web site lets you type in any amount of money but then it says politely that you can't do this from the web site, please call the bank.
I called the bank (they always pick up in 2-3 rings; I've worked with one of their founders, ensuring this was one of the key ideas behind the bank) and explained what I wanted to do. The nice lady took down all the details, and then she explained that now one of her colleagues would be randomly selected to call me back and confirm everything, and we hung up.
Sure enough, less than a minute later another of the people from the bank called (with the agreed password for when the bank calls me) and had me read out all the transaction details again, at which point the transaction was confirmed.
Think about that scenario as a bad guy trying to corrupt it. You bribe one employee to pretend someone called and authorised a huge transfer. OK. But then a different random employee has to confirm it. How do you bribe them? You have no way to know who it will be! Do you try just bribing every single employee who works the phones? Not very practical.
The other thing banks do is they background check employees. You can't test for "willing to take bribes" but you can weed out potential hires with previous convictions for financial crime, or debt problems. I've had checks like that for jobs touching sensitive personal information.
> You bribe one employee to pretend someone called and authorised a huge transfer. OK. But then a different random employee has to confirm it. How do you bribe them?
So the first bank employee I bribe is one who can update the phone number on your account to one I control (or even better, an employee from your telco who'll let me port your number to my burner phone), and the next employee I bribe is the one who pretends the call came in. The different random employee then just does their job confirming the transaction with a call to me. Bingo - I have your house payment...
After I identify myself I have to give them letters from a telephone password and answer a series of arbitrary questions I selected, like "Memorable date". The very large transfer was years before I received a physical two factor authenticator; it's possible that these days I'd need to prove I had the authenticator too, I don't know.