What is sufficient online banking security?
Protection through single password authentication, as is the case in most secure Internet shopping sites, is not considered secure enough for personal online banking applications in many countries. There are two prominent security methods used in online banking for additional security: • The PIN/TAN system where the PIN represents a password used for the login, and TANs (transaction authentication numbers) represent one-time passwords (OTPs) to authenticate transactions. TANs can be distributed in different ways. The most popular one is to send a list of TANs to the online banking user by postal letter. The most secure way of using TANs is to generate them using a security token. These token generated TANs depend on the time and a unique secret, stored in the security token (this is called two-factor authentication or 2FA). Usually online banking with PIN/TAN is done via a web browser using SSL secured connections, so that there is no additional encryption needed. • Signature based onl
