The Down Side of "Strong" Authentication
Brad Stone has a great article in Wired about his car being stolen and the insurance company insisting that he must be lying because he still had all of his fancy RFID enabled keys. This assumption that the security system is perfect is going to continue to bite consumers especially as banks move to two-factor authentication. I see scenarios where malicious parties will make use of trojans or man in the middle attacks to steal and banks and vendors, leaning on the use of products like SecurID, will shift the liability to the customer. Fortunately for Brad he got his car back in the end, read the full article, he has a great analysis of the moving target that is security.
This already happened in the UK with ATM fraud – the banks successfully shifted fraud damage over to account holders by claiming that their systems were infalliable. The threat of successful litigation made them change the rules in 1993:
http://www.theregister.co.uk/2005/10/21/phantoms_and_rogues/
http://www.phantomwithdrawals.com/
The adage bad security is worse than no security comes to mind.