The bank fraud blame game
James A. Donald
jamesd at echeque.com
Wed Jul 4 19:55:23 EDT 2007
Philipp � wrote:
> * An external device that lets the user verify the transaction independently
> from the PC.
>
> The second possiblity has been realized by some european banks now, based on
> SMS and mobile phones, which sends the important transaction details together
> with a random authorisation code, that is bound to the transaction in the
> bank�s database. The user can then verify the transaciton, and then has to
> enter the authorisation code on the webinterface.
> (And the good thing is that they succeeded to get the usability so good that
> it�s more convenient than the previous TAN solution, and the cost increase of
> SMS compared to paper TANs is irrelevant)
>
> So I personally woul declare the online-banking problem solved (with SMS as
> second channel), but I am still searching for solutions for all others,
> especially non-transactional applications.
How large is this code?
The security of this system would seem to rest on the security of mobile
phones against cloning. How were mobile phones protected against cloning?
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list