Transaction authentication number: Difference between revisions

added Germany to the countries where the Postbank sends SMS TANs
mNo edit summary
Line 16:
TANs are believed to provide additional security because they act as a form of [[two-factor authentication]]. Should the physical document containing the TANs be stolen, it will be of little use without the password; conversely, if the login data are obtained, no transactions can be performed without a valid TAN.
 
In South Africa, where [[SMS]]-delivered TAN codes are common, a new attack has appeared: SIM Swap Fraud". A common attack vector is for the attacker to [[Identity theft|impersonate]] the victim, and obtain a replacement [[SIM card]] for the victim's phone from the [[mobile network operator]]. The victim's user name and password are obtained by other means (such as [[keylogging]] or [[phishing]]). In-between obtaining the cloned/replacement SIM and the victim noticing their phone no longer works, the attacker can transfer/extract the victim's funds from their accounts.<ref>http://www.iol.co.za/index.php?art_id=vn20080112083836189C511499 IOL: "Victim's SIM swopswap fraud nightmare"</ref>
 
Should the client system become compromised by some form of [[malware]] that enables a [[Hacker (computer security)|malicious user]] to obtain both the login data and a TAN number (in some systems, a TAN is usable for some minutes after the initial insertion), the possibility of an unauthorized transaction is high. It should be noticed that the remaining TANs remain uncompromised and can be used safely, even though action should be taken by the user as soon as possible.
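Review bot: In the SIM swap paragraph, the title inside the ref reads "Victim's SIM swopswap fraud nightmare", with two spellings run together; a quoted headline should carry exactly one spelling, the one the cited IOL article uses, so check the source before settling on "swap". The same paragraph has a closing quotation mark after "SIM Swap Fraud" with no opening one, and the reference is a bare URL followed by loose text; wrapping it as [URL title] would make it render as a single link. In the last paragraph, "TAN number" is redundant and "It should be noticed" reads as if "It should be noted" was meant.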