Crypto dongles to secure online transactions

Florian Weimer fw at
Sun Nov 8 13:48:23 EST 2009

* John Levine:

> At a meeting a few weeks ago I was talking to a guy from BITS, the
> e-commerce part of the Financial Services Roundtable, about the way
> that malware infected PCs break all banks' fancy multi-password logins
> since no matter how complex the login process, a botted PC can wait
> until you login, then send fake transactions during your legitimate
> session.  This is apparently a big problem in Europe.

There are some countries which use per-transactions one-time
passwords.  These methods has been broken as well.

> So before I send it off, if people have a moment could you look at it
> and tell me if I'm missing something egregiously obvious?  Tnx.

There are already some commercial implementations (e.g. those
following ZKA's Secoder standard).  IBM apparently has something in
the works called ZTIC.  There used to be the FINREAD standard.

Attacks which would break these authentication schemes have already
been observed in the wild.  There are various means to trick people
into providing authorization for fraudulent transactions.  Tell them
that they have the opportunity to buy an expensive car at a fraction
of the price, or offer them a very attractive financial investment,
for instance.

$50 per device doesn't seem to be much, but you actually need a huge
amount of fraud that's actually prevented until it's cost-effective to
roll this out.  I don't think banks which offer real electronic
banking (that is, something pretty much like Paypal, but with consumer
rights) can legally tell high-risk from low-risk customers, so you're
basically stuck with general rollout.  While $50 per device may seem a
bit on the high side, I think it's not unrealistic if you consider
costs associated with personalization, branding, etc.

There's also the issue that a large amount of online banking happens
from work during the lunch hour.  USB dongles with software
installation requirements are problematic for those users.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list