== Mobile TAN (mTAN) ==
mTANs are used by banks in Germany, Austria, the Netherlands, Hungary and South Africa. When the user initiates a transaction, a TAN is generated by the bank and sent to the user's mobile phone by [[SMS]]. The SMS may also include transaction data, allowing the user to verify that the transaction has not been modified in transmission to the bank.
However, the security of this scheme depends on the security of the mobile phone system. In South Africa, where SMS-delivered TAN codes are common, a new attack has appeared: SIM swap fraud. A common attack vector is for the attacker to [[Identity theft|impersonate]] the victim and obtain a replacement [[SIM card]] for the victim's phone from the [[mobile network operator]]. The victim's user name and password are obtained by other means (such as [[keylogging]] or [[phishing]]). Between obtaining the cloned or replacement SIM and the victim noticing that their phone no longer works, the attacker can transfer or extract the victim's funds from their accounts.<ref>http://www.iol.co.za/index.php?art_id=vn20080112083836189C511499 IOL: "Victim's SIM swap fraud nightmare"</ref>
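The mTAN exchange described above can be modelled as follows. This is an added illustration, not part of the original article and not any bank's implementation; the class and function names, the SMS wording, the six-digit TAN length and the account labels are assumptions made for the example.

```python
import hmac
import re
import secrets

class Bank:
    """Bank side: one single-use TAN per transaction, delivered by SMS."""

    def __init__(self):
        self._pending = {}  # tx_id -> (tan, account, amount_cents)

    def initiate(self, account, amount_cents):
        """Record the transaction as received and build the SMS text."""
        tx_id = secrets.token_hex(4)
        tan = f"{secrets.randbelow(10**6):06d}"  # assumed 6-digit TAN
        self._pending[tx_id] = (tan, account, amount_cents)
        amount = f"{amount_cents // 100}.{amount_cents % 100:02d}"
        return tx_id, f"TAN {tan}: transfer {amount} to {account}"

    def confirm(self, tx_id, tan):
        """Execute the recorded transaction if the TAN matches.

        The entry is removed on every attempt, so a TAN cannot be
        replayed and a wrong guess voids the transaction.
        """
        entry = self._pending.pop(tx_id, None)
        if entry is None or not hmac.compare_digest(tan, entry[0]):
            return None
        return entry[1], entry[2]

SMS_RE = re.compile(r"TAN (\d{6}): transfer (\d+)\.(\d{2}) to (\S+)")

def user_reads_sms(sms, intended_account, intended_cents):
    """User side: release the TAN only if the SMS shows the intended data."""
    m = SMS_RE.fullmatch(sms)
    if not m:
        return None
    tan, units, cents, account = m.groups()
    if account != intended_account or int(units) * 100 + int(cents) != intended_cents:
        return None  # data was modified on the way to the bank
    return tan

def run(intended, received_by_bank):
    """Simulate one transfer; the two tuples differ if data changed in transit."""
    bank = Bank()
    tx_id, sms = bank.initiate(*received_by_bank)
    tan = user_reads_sms(sms, *intended)
    return bank.confirm(tx_id, tan) if tan else None
```

The comparison in <code>user_reads_sms</code> only protects the user while the SMS reaches the legitimate phone; after a SIM swap the message is delivered to whoever holds the replacement SIM.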