Revision as of 10:46, 27 March 2017 edit Mauls (talk \| contribs) Autopatrolled, Extended confirmed users 156,745 edits →chipTAN / cardTAN: WP:MOSTM - capitalise brand names in Wikipedia, even if the brand themselves doesn't ← Previous edit		Revision as of 11:05, 4 April 2017 edit undo Trappist the monk (talk \| contribs) Administrators 494,489 edits m →Indexed TAN with CAPTCHA (iTANplus): cite repair; Next edit →
Line 27: Prior to entering the iTAN, the user is presented a [[CAPTCHA]], which in the background also shows the transaction data and data deemed unknown to a potential attacker, such as the user's birthdate. This is intended to make it hard (but not impossible) for an attacker to forge the CAPTCHA. This variant of the iTAN is method used by some German banks adds a [[CAPTCHA]] to reduce the risk of man-in-the-middle attacks.<ref>{{cite web\|url=http://www.heise.de/newsticker/meldung/98025\|title=Verbessertes iTAN-Verfahren soll vor Manipulationen durch Trojaner schützen\|author=heise online\|date=2007-10-26\|language=German}}</ref> Some Chinese banks have also deployed a TAN method similar to iTANplus. A recent study shows that these CAPTCHA-based TAN schemes are not secure against more advanced automated attacks.<ref>{{Cite conference \| first = Shujun \| last = Li \| ~~coauthors~~ author2= Syed Amier Haider Shah, \|author3=Muhammad Asad Usman Khan, \|author4=Syed Ali Khayam, \|author5=Ahmad-Reza Sadeghi ~~and~~ \|author6=Roland Schmitz \| title = Breaking e-Banking CAPTCHAs \| booktitle = Proceedings of 26th Annual Computer Security Applications Conference (ACSAC 2010) \| pages = 171–180 \| publisher = ACM \| year = 2010 \| ___location = New York, NY, USA \| url = http://www.acsac.org/2010/openconf/modules/request.php?module=oc_program&action=summary.php&id=53 \| doi = 10.1145/1920261.1920288 }}</ref> == Mobile TAN (mTAN) ==

Transaction authentication number: Difference between revisions