Online Banking Security: The security of customers’ financial information is essential; without it, online banking could not function. Reputational risk is also important for the banks themselves. Financial institutions have implemented various security processes to reduce the risk of unauthorized online access to customer records, but the approaches taken are not consistent.
The use of a secure website has been almost universally accepted.
Although single password authentication is still used, it alone is not considered secure enough for online banking in some countries. There are basically two different security methods used for online banking:
PIN/TAN system, where the PIN is the password used for login and TANs are one-time passwords used to verify transactions. TANs can be distributed in a variety of ways, the most popular being to send a list of TANs to online banking users by post. Another way to use TANs is to generate them using a security token. These token-generated TANs depend on the time and a unique secret stored in the security token (two-factor authentication or 2FA).
More advanced TAN generators (chipTAN) also include the transaction data in the TAN generation process after displaying it on their own screen, which allows the user to detect man-in-the-middle attacks by Trojans that try to secretly manipulate transaction data in the background of the PC.
Another way to provide a TAN to an online banking user is to send the TAN for the current banking transaction to the user’s mobile phone (GSM) via SMS. The SMS text usually shows the transaction amount and details, and the TAN is only valid for a short period of time.
Especially in Germany, Austria and the Netherlands, many banks have adopted this “SMS TAN” service. There is also a “PhotoTAN” service where the bank generates and sends an image of a QR code to the online banking user’s smart device.
Online banking with a PIN/TAN is usually done through a web browser using a secure SSL connection, so no additional encryption is needed.
Signature-based online banking, where all transactions are digitally signed and encrypted. The keys for signature generation and encryption can be stored on smart cards or any storage medium, depending on the specific implementation.