Revision as of 15:52, 6 July 2009 edit Cfaerber (talk \| contribs) Extended confirmed users 1,229 edits Expansion + some cleanup ← Previous edit		Revision as of 18:36, 26 July 2009 edit undo 134.219.176.125 (talk) →Indexed TAN with CATCHPA (iTANplus) Next edit →
Line 24: However, iTANs are still susceptible to man-in-the-middle attacks, including phishing attacks where the attacker tricks the user into logging in into a forged copy of the bank's website. == Indexed TAN with ~~CATCHPA~~CAPTCHA (iTANplus) == [[Image:ITANplus-Kontrollbild.png\|thumb\|right\|CAPTCHPA for iTANplus]]A variant of the iTAN method used by some German banks adds a [[~~CATCHPA~~CAPTCHA]] to reduce the risk of man-in-the-middle attacks.<ref>{{cite web\|url=http://www.heise.de/newsticker/meldung/98025\|title=Verbessertes iTAN-Verfahren soll vor Manipulationen durch Trojaner schützen\|author=heise online\|date=2007-10-26\|language=German}}</ref> Prior to entering the iTAN, the user is presented a ~~CATCHPA~~CAPTCHA, which in the background also shows the transaction data and data deemed unknown to a potential attacker, such as the user's birthdate. This is intended to make it hard (but not impossible) for an attacker to forge the ~~CATCHPA~~CAPTCHA. == Mobile TAN (mTAN) ==

Transaction authentication number: Difference between revisions