[clug] e-banking - was: linux Digest, Vol 23, Issue 17

smattila at tpg.com.au smattila at tpg.com.au
Thu Nov 11 13:43:52 GMT 2004

One bank I know (Nordea, in Northern Europe) has been
using paper-based one-time pad for years. It is inexpensive,
small and easy to use.  User identification is in three parts:
1) The customer number (not related to account or bank card
numbers) to get into general banking matters. 2) The one-time
pseudo random number from a list they send via mail, only
to the authorised address for the account. This is needed only 
after entering money transfers or other actions needing security. 
3) Reply to a challenge, which is one number from a list of 
about 20 numbers identified by letters. The challenge list is 
associated with the pseudo random number list. This is needed 
to finalise the session if one-time number was used. Quite safe 
if the user keeps the number lists safe.

Same system works with browser or mobile phone. There
was a short comment on this system in ABC's "Electric Money -
Bills to Bytes",  10/11/2004.

> > I think I should have said, "no financial institution that I am aware
> > of". What I've heard is that apart from the cost of the credit-card
> > sized number sequence generator (aka "one time pad") and its ease of
> > loose, they feel that most people would get confused about the security
> > protocol.
> Bendigo Bank will supply you with such a thing for some cost.

Sakari Mattila, LPO Box 5080,
Canberra University, Bruce ACT 2617,
Australia  (tel. +61 408 533474 SMS)
> smattila at bigpond.com > smattila at ieee.org

More information about the linux mailing list