UOB requires you to do everything on paper. If you want to change your mobile number for your banking account with them or for your credit card, you need to fill in a form.
Yet this paper trail represents a potential security failure for the bank: human error.
So a bitcoin expert walked into UOB to open a bank account. The bank employee had to print a form from an online PDF document to fill in this bitcoin expert's particulars.
When it came to entering the bitcoin expert's email, the digital generation's forgotten art of handwriting became most obvious.
Wrote Roberto Capodieci:
My name is Roberto Capodieci, as most of you know, and my email address is very obvious to decode. It is not a p4l_l337_s0u1@gmail.com, but it is a more obvious roberto@capodieci.com, a thing that, right after reading my name in the same form, should come out easy. Still, a data entry person of the UOB bank (or of a service provider the UOB bank uses) entered it as roberto@c2podieci.com.
So this meant Mr Capodieci needed to download a form to change his email address and post it to UOB. Simple?
Not exactly. By the time Mr Capodieci received his activation link, he was already in Bali, Indonesia. If he mailed the form out, it would take 3 weeks to reach UOB.
Unfortunately, that would have exceeded the statute of limitations for the form, which was two weeks.
What could Mr Capodieci do?
Set up an email for roberto@c2podieci.com to get his activation link.
The first problem for UOB, I think, is that its computers do not have an Adobe PDF writer to allow bank employees to fill in forms by typing out the particulars rather than writing them out.
With a stroke of a pen, an activation code was sent to a wrong and non-existent email address.
However, the ease with which Mr Capodieci set up an email address online to get his activation code put the spotlight on how a human error might have led to a hacked account.
The odds are long that the activation link would be sent to the wrong person and that the wrong person would know how to clone an email.
But sending a letter to fix an email address is quite ironic in itself.
Comments
This is systemic.