The bank will seek to see who/what was at fault. If you handed someone your passwords etc., they carry no responsibility and kiss that 50k goodbye. Your pin/passwords are yours and yours alone. You should protect them. At least in the UK there have been plenty of cases where people were tricked to hand in their passwords. They never got anything back from the banks.
If someone breaks in physically and steals the contents of your safety deposit box they will hunt-them-down. If you come forth and you say "I know who it was, I helped him/her as part of a pen-test" then you are going down with them.
And yet I get much more assistance in keeping my login secure from a two-bit social media site than I do from virtually every bank I’ve had an account with (speaking of banks in the USA).
Two factor using something like Google Authenticator? Nope.
Two factor using a less-secure text message? Rarely.
An email asking for secondary confirmation when logging in from a new device or IP address? Forget it.
A history within my account that shows all logins and login attempts, along with the request IP address and location? I wish.
I’m sure banks do stuff behind the scenes to secure my account. But it seems they could do a lot more to empower me to help in the process. I understand that it’s difficult to pin the blame on a bank for a password stolen by a virus a customer picks up that had nothing to do with them. But it seems they’d do a whole lot more to help me protect my account.
I’m generalizing, I know, but I find it comical (and frustrating) at how often I see banks attempt to do things in the name of security that don’t help at all, but go a long way to destroy UX, or even decrease security.
- Prevent paste on the password field.
- Security questions, often with ridiculous questions.