WookJinRhaFirstPaper 3 - 25 Jan 2010 - Main.EbenMoglen
< < | [READY FOR REVIEW] | | Internet Banking Security and Autonomy Issue in Korea
-- By WookJinRha | |
This undoubtedly undermines the autonomy of the user in the internet society. Personally I feel that it would be better for the Korean banks to give up on exclusively distributing their designated security programs, and instead rely on users' own security programs (whether it's commercial or free software). The banks could just verify whether the user's working environment meets their desired security level and criteria. By this, I think the autonomy problem raised above could be unraveled in some way. On the other hand, the possible cost of obtaining commercial security software which was previously paid and distributed by the bank, and the legal question of liability when there is a security breach needs to be further discussed.
| |
> > | The idea of using IE and ActiveX to achieve any
secure purpose is just as absurd as using basic Uid/passwd
authorization for banking. Both systems have security holes too
large to believe sitting in the middle of them. But at least if
the uid/passwd system is intelligently operated by the user he can
minimize the security issues, whereas a technical monoculture
dependent on an insecure browser and an insecure programming
toolkit had better be using one-time pads, because every
transaction could well be compromising the system, no matter how
carefully the user follows instructions.
In fact, electronic banking is insecure.
Pre-electronic banking was insecure too, and money was stolen all
the time. Losses, of course, were insurable, and the borrowers of
money ultimately paid the costs of the credit system, We have
reduced losses of every kind in the banking system, but it is
active security, not the banking software platform, that reduces
security issues further. Still, if one could have one basic way of
improving security, it would be the way taken by the Australian
banks, who gave everyone a free software liveCD to boot into when
they wanted to do their banking, thus providing a secure
write-protected software stack on which to run their
interactions. | |
\ No newline at end of file |
This site is powered by the TWiki collaboration platform. All material on this collaboration platform is the property of the contributing authors. All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.