[clug] e-banking - was: linux Digest, Vol 23, Issue 17
smattila at tpg.com.au
Thu Nov 11 13:43:52 GMT 2004
One bank I know (Nordea, in Northern Europe) has been
using a paper-based one-time pad for years. It is inexpensive,
small and easy to use. User identification is in three parts:
1) The customer number (not related to account or bank card
numbers) to get into general banking matters. 2) The one-time
pseudo random number from a list they send via mail, only
to the authorised address for the account. This is needed only
after entering money transfers or other actions needing security.
3) Reply to a challenge, which is one number from a list of
about 20 numbers identified by letters. The challenge list is
associated with the pseudo random number list. This is needed
to finalise the session if a one-time number was used. Quite safe
if the user keeps the number lists safe.
The same system works with a browser or mobile phone. There
was a short comment on this system in ABC's "Electric Money -
Bills to Bytes", 10/11/2004.
> > I think I should have said, "no financial institution that I am aware
> > of". What I've heard is that apart from the cost of the credit-card
> > sized number sequence generator (aka "one time pad") and its ease of
> > loss, they feel that most people would get confused about the security
> > protocol.
>
> Bendigo Bank will supply you with such a thing for some cost.
>
http://www.bendigobank.com.au/e-banking/e-banking_help/Customer_services/Security_options_order.shtml
Sakari Mattila, LPO Box 5080,
Canberra University, Bruce ACT 2617,
Australia (tel. +61 408 533474 SMS)
> smattila at bigpond.com > smattila at ieee.org
http://www.canberra.edu.au/~sam
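
Parts 2 and 3 of the scheme described in this message, sketched from the server's side as an added example (not part of the original post and not the bank's implementation). The class name, the code lengths, using the one-time codes in list order and the three-failure lockout are assumptions; part 1, the customer number, is not modelled.

```python
import hmac
import secrets


class PaperCard:
    """Server-side state for one mailed card (hypothetical class, not a bank's API)."""

    MAX_FAILURES = 3  # assumption: the post does not mention a lockout rule

    def __init__(self, one_time_codes, challenge_table):
        self.codes = list(one_time_codes)    # printed list, used top to bottom (assumed)
        self.table = dict(challenge_table)   # letter -> number, about 20 entries
        self.next_code = 0
        self.pending = None                  # challenge letter awaiting a reply
        self.failures = 0

    @property
    def locked(self):
        return self.failures >= self.MAX_FAILURES

    def confirm_action(self, code):
        """Part 2: verify the one-time code; on success return a challenge letter."""
        if self.locked or self.next_code >= len(self.codes):
            return None
        expected = self.codes[self.next_code]
        if not hmac.compare_digest(code.encode(), expected.encode()):
            self.failures += 1
            return None
        self.next_code += 1                  # burn the code so a replay cannot match
        self.pending = secrets.choice(sorted(self.table))
        return self.pending

    def finalise(self, reply):
        """Part 3: verify the reply to the pending challenge, which is single-use."""
        letter, self.pending = self.pending, None
        if self.locked or letter is None:
            return False
        if hmac.compare_digest(reply.encode(), self.table[letter].encode()):
            return True
        self.failures += 1
        return False


if __name__ == "__main__":
    # Constructed sample card; real lists are longer and generated by the bank.
    card = PaperCard(["493021", "118834"], {"A": "7731", "B": "0456", "C": "9120"})
    letter = card.confirm_action("493021")
    print("challenge:", letter, "accepted:", card.finalise(card.table[letter]))
    print("replayed code accepted:", card.confirm_action("493021") is not None)
```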