Leave a Reply

2 Comments

  1. After disaster after disaster with The ANZ bank due to ongoing fraud I wrote the following tongue in cheek piece

    Subject: Urgent Review of Bank Protection – Falcon Performance Issue

    To Whom It May Concern,

    This message addresses the ongoing issue of bank protection, a matter of utmost importance. While I acknowledge the Peregrine Falcon’s previous service, recent performance raises serious concerns. Multiple incidents of aerial instability and an inability to apprehend villains suggest a potential decline in the Falcon’s physical capacity. This may be due to wing-related difficulties or excessive weight, hindering its ability to perform effectively.

    Furthermore, the severed telephone lines indicate a vulnerability in our communication system, impacting the Falcon’s ability to fulfill its duties. This situation demands immediate attention.

    I propose considering alternative solutions, specifically the Buzzard. Renowned for its strength, size, and opportunistic hunting style, the Buzzard offers a robust and adaptable approach to bank protection. Its capacity to handle diverse threats aligns well with our security needs.

    I trust that Human Resources, with their expertise in personnel selection, will conduct a thorough evaluation and identify the most suitable candidate for this critical role. Swift action is imperative to ensure the continued safety and security of our banking institution.

    Thank you for your prompt attention to this urgent matter.

    I wrote this tongue in cheek after discovering what tokinisation really means, According to the web it’s their to protect you The Customer…but I soon realised that was not necessarily the case. I visited 4 ANZ banks and not one bank new what tokiniztion is on credit card. The problem as I see it. You get scammed and you card is replaced. You think your possibly safe . But what most of us don’t realise and has never been explained to me the token on your credit card is automatically transferred to your new one. So if a unscrupulous trader has your token number from what I can see and please correct me if I’m wrong they can use your card as they have your token number

    1. I just found this
      Tokenization can be misused (“fraudulently”) in a few ways, depending on how it’s implemented:

      Reversible tokenization: If the token can be mapped back to the original data by the same party (or if the mapping table is exposed), it’s effectively reversible—so it can be abused like storing/processing secrets.
      Bad token scope: If tokens are valid across systems/tenants or long-lived, attackers can replay or reuse them in other places.
      Weak generation: If tokens are predictable or not cryptographically random, someone may be able to guess them or correlate them to real data.
      Leaky tokens: If the “token” still contains sensitive info in metadata, prefixes, format-preserving details, or side channels, it may not be truly protective.
      Fraud via workflow: Even with correct tokenization, fraud can occur if the business logic trusts tokens without verifying authorization (e.g., token used to bypass identity/payment checks).