SUBSIM Radio Room Forums - View Single Post - Security of online banking

Penguin · 11-17-10, 06:23 AM

Regarding the issue of security I would prefer the TANgenerator, they key is strong enough. When you have encrypted data sent over a secure line it's the best choice. However secure line is the key word. Whenever data is transported there is always the püossibility of man-in-the-middle attacks.

One advantade of the phone mTAN system is that you use two different lines to transport the data, but you have to keep in mind that the data sent to you is also sent over the net first, before it is transported via GSM.
GSM has no strong encryption for a variety of reasons, so there's one vunerability. The vunerability of your cell OS against bad code is another issue, so it is more secure to use an older one with a proprietary, enclosed operating system.In terms of usability however I would prefer the mTan system, as it is more likely that you carry your cell when you travel as that you pack your generator every time you load your suitcase.

I had a collegue who worked in a bank that issued the fist generators back in 2004/5. He enlighted me a bit about the security and cryptology system they used. It was a really big advantage over the standard tan system that was used at that time. Of course it wasn't just a list with tans on it - like tyrant thinks. You can conclude that the encryption standards are even better today.

The banks of course provide no big data regarding fraud, but at least at the moment, they are very customer friendly in terms of compensation.

This souldn't read like I praise the banks - the opposite is quite true: I hate'em, but I must admit they are quite aware nowadays regarding security issues - due to a viral self-interest of course.

11-17-10, 06:23 AM	#20
Penguin Ocean Warrior Join Date: Mar 2010 Location: Rheinische Republik Posts: 3,322 Downloads: 92 Uploads: 0	Regarding the issue of security I would prefer the TANgenerator, they key is strong enough. When you have encrypted data sent over a secure line it's the best choice. However secure line is the key word. Whenever data is transported there is always the püossibility of man-in-the-middle attacks. One advantade of the phone mTAN system is that you use two different lines to transport the data, but you have to keep in mind that the data sent to you is also sent over the net first, before it is transported via GSM. GSM has no strong encryption for a variety of reasons, so there's one vunerability. The vunerability of your cell OS against bad code is another issue, so it is more secure to use an older one with a proprietary, enclosed operating system.In terms of usability however I would prefer the mTan system, as it is more likely that you carry your cell when you travel as that you pack your generator every time you load your suitcase. I had a collegue who worked in a bank that issued the fist generators back in 2004/5. He enlighted me a bit about the security and cryptology system they used. It was a really big advantage over the standard tan system that was used at that time. Of course it wasn't just a list with tans on it - like tyrant thinks. You can conclude that the encryption standards are even better today. The banks of course provide no big data regarding fraud, but at least at the moment, they are very customer friendly in terms of compensation. This souldn't read like I praise the banks - the opposite is quite true: I hate'em, but I must admit they are quite aware nowadays regarding security issues - due to a viral self-interest of course.