:: extra ::

Last summer, I gave a talk about online banking:
http://www.aipsi.org/eventi/download/agenda_issa_rome_2007.pdf (PDF)

After the talk, a CSO from a major bank came up to me and said, "Great presentation, but you missed one key thing: banking online is safer than banking offline."

Seems counter intuitive. Doesnt it?

Banking online can be scary because:

1) Hackers have global reach, If you're doing offline banking in California, you only need to be worried about bad guys in California, for instance the customers and employees present in your local branch. If you're banking online, anyone in the world could attack you and your assets.

2) Automation - in the physical world attackers are limited by their ability to manipulate physical items like making an extra copy of your account number. In the online world attackers are essentially unlimited in the resources they can bring to bear.

3) Online security is opaque to the end user. People who aren't particularly tech savvy have a tough time differentiating between good online security practices and bad online security practices. Security in the physical world is much more intuitive for most people- keep your checkbook in a safe place or don't let someone peek when you are entering your PIN.

How can someone argue that online banking is safer?