Ask HN: Better Mutual Trust Online?

3 points by tonymet 7 hours ago

How can we improve _mutual_ trust online? Nearly all authentication puts the burden on the customer or client. Customers need to provide credentials, security questions, codes. Provider authentication is very flimsy. Even SSL certs & domains are hardly well maintained. My ~$10000 property tax bill is paid on a random domain with zero authentication that the funds go to my county treasurer.

The consequence is rampant fraud, phishing attacks. Look at the epidemic of IRS, Tolls, Tax, Bill Pay fraud. Scammers pose as billing departments using transient phone numbers. Wire transfer fraud is so common, but when I called my Title company to verify the receiving account, I was told no one ever does that.

My question to Hackernews is: what services should we create to establish true mutual trust? So when you receive a text message from Chase -- you have 100% confidence it is from Chase. When you talk to a customer service rep from Fidelity, you are 100% confident they are with Fidelity.

Phishing countermeasures like personal avatars / icons for your Bank have been used in the past, but none lasted or had widespread appeal. One-time codes could work, but they are clumsy.

What apps or solutions would you like to see to improve mutual authentication?

mtmail 7 hours ago

The system to display a brand logo next to your email (e.g. in Gmail) is based on https://en.wikipedia.org/wiki/Brand_Indicators_for_Message_I... Basically a company needs to purchase a certificate for 1000-2000 USD/year. Scammers don't do that. (Also I, as a small non-ecommerce company, don't do that.) It's not ideal but some trust can be established by making it expensive.

  • tonymet 6 hours ago

    I agree it's a step in the right direction. App publisher profiles in App stores (e.g. Apple App Store, Google Play, MS/Xbox) are similar initiatives that help establish publisher / provider trust. Great example!