I’m sat in the press/speaker room of the VON conference here in Stockholm. There’s about half a dozen other people in the room. I’ve got a SkypeIn voicemail from the company that I’m hiring a meeting room from in a few weeks. They want to know the security code from my credit card I used to reserve the booking before they can confirm.
So I call them back.
“Hello, this is Mr Geddes. You called me earlier. You wanted to know a very important three digit secret code I mustn’t share with anybody and can’t even name.”
Well, of course I didn’t say that.
“Hello, this is Mr Geddes. You left me a voicemail asking for my credit card security code to confirm my reservation. Well, the code is…”
You don’t think I’m going to blog it, do you? You’ll just have to find someone else who was in the room at the time.
Anyhow, person-to-person dictation over the PSTN isn’t a pretty way of exchanging secure transactional data. In fact, even an encrypted Skype IM, although much preferable, isn’t perfect. Somehow I’d like to signal “this message is secure, don’t store it in the recipient’s history file”. Ideally, I could give them a single identifier like my phone number or email address, and they’d be able to do a reverse ENUM look-up to get access to the right secure channel. I’d receive a suitable signed message that would assure me this was the same company I had already interacted with, and I’d enter the security code, and it’d be sent back without a human ever seeing it.
If you’re a telco, your homework assignment is to work out where in this value chain you fit. Because some day, it’s going to happen, and that day might be sooner than you think.
PS - I called my business bank last week to reset my web password. After authenticating me with some information most of my customers know or could guess, and asking me my user name, the call centre operator reads out your new password. Very secure. Not.
Posted by Martin Geddes at 01:06 PMTrackBack URL for this entry:
http://www.telepocalypse.net/cgi-sys/cgiwrap/mgeddes/MT/mt-tb.cgi/710.