Content deleted Content added
m Reverted edits by 2402:1980:103:CB5:0:0:0:1 (talk) to last version by 62.74.6.0 |
No edit summary |
||
Line 22:
However, iTANs are still susceptible to [[man-in-the-middle attack]]s, including phishing attacks where the attacker tricks the user into logging into a forged copy of the bank's website and [[Man-in-the-browser|man-in-the-browser attacks]]<ref name="symantec">Candid Wüest, Symantec Global Security Response Team [https://www.iriss.ie/iriss/Candid_Wueest.pdf ''Current Advances in Banking Trojans?''] {{Webarchive|url=https://web.archive.org/web/20140425003333/https://www.iriss.ie/iriss/Candid_Wueest.pdf |date=2014-04-25 }} iriss.ie, Irish Reporting and Information Security Service, December 2, 2012 (PDF; 1,9 MB)</ref> which allow the attacker to secretly swap the transaction details in the background of the PC as well as to conceal the actual transactions carried out by the attacker in the online account overview.<ref>[http://winfuture.de/news,59152.html ''Katusha: LKA zerschlägt Ring von Online-Betrügern''] WinFuture.de, October 29, 2010</ref>
Therefore, in 2012 the [[European Network and Information Security Agency|European Union Agency for Network and Information Security]] advised all banks to consider the PC systems of their users being infected by [[malware]] by default and use security processes where the user can cross-check the transaction data against manipulations like for example (provided the security of the mobile phone holds up) [[#Mobile_TAN_.28mTAN.29|mTAN]] or smartcard readers with
== Indexed TAN with CAPTCHA (iTANplus) ==
| |||