Using an unsecured WiFi signal

Yet another assertion. It assumes people would know in which way they had been compromised, or that the banks do. Password-based fraud is simply 'fraud' as far as both of those groups are concerned. Payment card fraud runs about 8 billion a year from what I see. How much of that total is from this? Who can say?

If you disagree, tell me this: If I were to find false charges on my CC, or money missing from my account, how would I know that an false SSL attack was the culprit, in order to report it?

To answer your other question, yes - driving to Starbucks is a dangerous thing to do. One must undergo training and practice in order to be licensed to engage in this activity. I totally agree with your point that, given proper training and education, it would be much less dangerous to engage in such activities; but I don't see that happening anytime soon, and so don't recommend that people engage in these behaviors. If for no other reason than the one I mentioned earlier - would you notice if your site wasn't using SSL? Every time? I don't know if I would, let alone someone who doesn't know much about computers.

As for me, I do not work in the security industry per se, but managing the risks taken - including maintaining credit card and banking security procedures -for a large group of people is a large part of what I do at work.

Cycloptichorn

I think you are being ridiculous. You probably got the $8 billion figure from this summary of an article that neither of us paid to read in its entirety. Even that article said "biggest category" in the $8 billion figure was people who bought something and then committed fraud by not paying for it. I googled for credit card fraud. Lots of articles list the top reasons for fraud-- none of them list password fraud (which I suspect that this because the numbers are much lower).

Anyway, this discussion is getting silly.

My professional opinion is that SSL over an unprotected network is safe for any practical purpose. I do agree that people should educate themselves on how to use the technology safely. However, this education can be had in 5 minutes because modern browsers are designed to make security easy. The biggest part of the education is to show someone a security dialog and tell them to take these things seriously.

Most people who have expertise in this area agree with me. Of course, the reader can choose to accept my opinion or not.

But with all of the banks now feeling perfectly comfortable to offer their services over mobile devices and advertise them, it seems a little backwards to let fear keep you away from a modern convenience that millions of Americans use without any problem.

But I suppose if you want to let your fear of a technology keep you from using it, it isn't my problem.

Do you do security for banks?

My firm does.... and you're way too trusting.

The banks don't seem too worried to me.