Online banking sites have a great deal of responsibility when it comes to their customers. That’s why a single password just won’t cut it. Instead, most banking sites use one of two main security types. The first is the PIN/TAN system. The PIN is the password for accessing the account, and the TAN is a sort of one-time password for authenticating transactionshence “Transaction Authentication Number.” TANs are usually generated by security tokens. The other type of security used is signature-based. In this security model, each transaction is signed and digitally encrypted. The encryption keys are usually stored on smartcards or other memory mediums.Electronic online banking is prone to a host of attacks, including phishsing, pharming, and monitoring programs like keyloggers. These programs attempt to steal a user’s password and TANs to access their account. The new Man in the Browser attack is a type of trojan which lets hackers modify existing transactions with their own destinations and amounts. Digital certificates and virus scanners are the best ways to protect against these sorts of threats.
October 24, 2010