Computer Crime Research Center


A new methods combating phishing

Date: August 09, 2005
By: Robert W. Smith

Postbank, a major German retail bank, is introducing a new TAN system to combat the form of data pilfering known as phishing. From Monday onwards customers will be able to make use of "indexed transaction numbers" (iTANs). When engaging in a money transfer online the customer will be told by the computer which TAN from out of the list provided is to be used. This TAN only will then activate the transaction. With the aid of e-mails ostensibly sent by banks to their customers, defrauders aiming to raid bank accounts have attempted, in many cases successfully, to elicit TANs from online banking customers. This form of deception via e-mails that look as though solicitously sent by banks, known as phishing, has increased dramatically of late.

Up to now Postbank customers have been furnished with a list of 100 TANs from which they are free to choose. In future they will be asked when engaging in a transaction to pick a particular TAN from that list. The danger that a malicious phisher will be able to make use of a pilfered TAN is thereby cut down to one percent. To make things safer still Postbank is now offering its customers the option of specifying individual maximum limits for online banking transactions. According to the company's statements no customer of theirs has as yet been harmed by phishing.
Add comment  Email to a Friend

Copyright © 2001-2024 Computer Crime Research Center
CCRC logo