Incubus | 14 years ago

The title should probably mention that it only affects email. Comment #48 explains the reasoning behind it, and frankly seems perfectly reasonable.

rjd | 14 years ago

The problem there is email is generally used as an authentication authority for most online services, and a stolen phone hands over exactly what organised criminal outfits need to begin real identity theft.

Having done some work with financial services this was a huge problem, as soon as an email account is compromised hackers used automatic services to reset every password they can find... because the email was the point of authority.

Because of this the product we designed had a two point authority process. But alas the second point was a text message sent to the stored cellphone number, which would mean in this case all your data is pwned.

I see most banks I deal with now have moved to phone call only authority checks. But in all honesty once you have access to a decent email account you can harvest the needed information quickly. My current bank just wants name, access code (printed on my card FFS), birthday, mailing address and bingo I'm in.