Gentle guidance using passive notification can be employed
to assist these users in stepping up to using Information
Cards. This is predicated on the client actually having support
for Information Cards (which was detected earlier). When
clients sign in with a username and password, the website can
notify users that they have the option of using an Information
Card (see Figure 5-13) and step them through the process.
(CSC), another number added to the physical card that is not embossed nor included
on the magnetic stripe. Merchants are instructed to not store the CSC so
as to limit the damage if their database is exposed by hackers, but the proliferation
of fraud continues.
In reality, knowing someone's mother's maiden name does not prove that you
are that person, rather that you simply know that person's mother's maiden name.
Other questions that are just statements of fact fall under this same category and
should really be avoided. At the lowest level, they could even be defined as
shared secrets, with emphasis on shared.
To use questions as a form of authentication, the questions should be geared
toward describing the relationship between the two parties.