Content deleted Content added
m →Indexed TAN with CAPTCHA (iTANplus): cite repair;
Wavelength (talk | contribs) changing adverb "in" and preposition "to" —> preposition "into"—wikt:in—wikt:wikt:to—wikt:into—http://public.wsu.edu/~brians/errors/into.html—User:Wavelength/About English/Expressions "into" and "in to"
Line 20:
Indexed TANs reduce the risk of phishing. To authorize a transaction, the user is not asked to use an arbitrary TAN from the list but to enter a specific TAN as identified by a sequence number (index). As the index is randomly chosen by the bank, an arbitrary TAN acquired by an attacker is usually worthless.
However, iTANs are still susceptible to [[man-in-the-middle attack]]s, including phishing attacks where the attacker tricks the user into logging
Therefore, in 2012 the [[European Network and Information Security Agency|European Union Agency for Network and Information Security]] advised all banks to consider the PC systems of their users being infected by [[malware]] by default and use security processes where the user can cross-check the transaction data against manipulations like for example (provided the security of the mobile phone holds up) [[#Mobile_TAN_.28mTAN.29|mTAN]] or smartcard readers with an own screen including the transaction data into the TAN generation process while displaying it beforehand to the user ([[#chipTAN_.2F_cardTAN|chipTAN]]).<ref>[http://www.enisa.europa.eu/media/press-releases/eu-cyber-security-agency-enisa-201chigh-roller201d-online-bank-robberies-reveal-security-gaps ''“High Roller” online bank robberies reveal security gaps''] European Union Agency for Network and Information Security, July 5, 2012</ref>
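Review bot: In the last paragraph of this hunk, "including the transaction data into the TAN generation process" pairs "including" with "into", which does not read correctly; "including ... in" or "incorporating ... into" would fit. The same sentence also carries "like for example" (one of the two is enough) and "with an own screen" ("with their own screen"). At this length it would be easier to follow as two sentences: one for the ENISA advice to treat users' PCs as infected by default, and one for the methods that let the user cross-check the transaction data (mTAN, chipTAN).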