My bank, <a href=”http://www.hdfcbank.com”>HDFC bank<a> recently implemented some aditional security measures as part of a secure banking innitiative. These measures involve asking the user a number of questions before innitiating transactions such as a third party funds transfer. Also, as a measure to prevent phishing attacks, the bank has asked the customer to select an image and a custom text message which is displayed at the time the customer enters the password. The idea presumably is that if the site has been attacked, the image displayed and or the text message displayed will be altered. I have no problem in verifying the text message but what do I do about the image? This is where the <a href=”http://www.seeingwithsound.com”>vOICe</a> came in.
HDFC’s implementation of this feature is very sensible. The image has an alt tag though it is not too meaningful. I was able to right click on the image and download it. Now, whenever I login, I have that master image. All I do is download the currently displayed image and then use the change detection feature to compare the new image with the master image. The change detection feature sounds the differences between 2 images. In this case, I hear silence if the images are the same.