This seems such a blindingly obvious idea, I can't see why it isn't done already, so I'm looking for any feedback. Points will be distributed to anyone making a convincing point for or against.
When my bank's online facility is used to make a _new_ transaction, I want to be sent a confirmation. I like the convenience of Internet Banking, but I fear the security risks (as an IT professional, I know what can go wrong ;-)
It seems to me that the biggest risk is a phisher setting up a payment from a compromised account or changing account details; I suggest that any such "transactions" should be confirmed by email or SMS so customers would be immediately alerted and could block fraudulent transactions. Naturally, changing the registered email address and mobile number online would need to be disabled.
Not everyone has email or a mobile, but I'd guess > 99% of people who use online banking do. This doesn't stop phishing, but it could prevent the phisher actually profiting (So it _would_ reduce the number of phishing attempts).
I would not want email or mobile methods used for advertising material; that should remain a separate opt-in. I don't want receipts for all transactions, e.g. cheques or regular payments, as they're covered by other security - just "new" online ones. Though it would be nice to get a confirmation that my salary had been paid in!
I know that some phishers send fake receipts to try to get you to give them your bank details to "cancel" a transaction, e.g. http://www.cheshire.gov.uk/tradingstandards/scams/latest_scams.htm
That doesn't invalidate the idea, but _some_ education would be needed to teach customers not to click links. Actually, once they get used to their bank sending them receipts, phishing emails will stand out as being different.
This wouldn't be patentable as there is prior art - e.g. every e-tailer sends a receipt confirming transactions.