One of the most common questions I get is “if I can bank online, why can’t I vote online”.
A recently released (but undated) document ”Supplement to Authentication in an Internet Banking Environment” from the Federal Financial Institutions Examination Counciladdresses some of the risks of online banking.
Krebs on Security has a nice writeup of the issues, noting that the guidelines call for ‘layered security programs’ to deal with these riskier transactions, such as:
- methods for detecting transaction anomalies;
- dual transaction authorization through different access devices;
- the use of out-of-band verification for transactions;
- the use of ‘positive pay’ and debit blocks to appropriately limit
the transactional use of an account;
- ‘enhanced controls over account activities,’ such as transaction
value thresholds, payment recipients, the number of transactions
allowed per day and allowable payment days and times; and
- ’enhanced customer education to increase awareness of the fraud risk and effective techniques customers can use to mitigate the risk.’
So what does this have to do with voting? Well, if you look at them in turn and consider how you’d apply them to a voting system