The way you enter the bank will change

In less than two months, there will be significant changes in bank security. The new regulations give rise to concerns and questions. We will try to answer at least some of them and suggest whether it is better to authorize transfers by SMS, codes, or perhaps an application.

E-mails from readers prompted us to write this article. Many people are nervous about how the protection of their transfers and their money will look from now on.

"In the case of smartphone hacking, the thief unfortunately has all the necessary data in one place. In nature and in life diversity is the healthiest; here the banks put everything on one smartphone, which can be stolen, shaken, lost. In the case of paper lists kept at home, the thief did not have, for example, a chance to send a transfer to a new account, because he did not have access to passwords," writes Monika, concerned about it.

Our reader is right to worry that confirmation by SMS is not the safest way to authorize transactions; the problem is that paper codes are no better.

Strong authentication, or why Germany is already giving up confirmations via text message

On September 14, the PSD2 directive is to come into force, belatedly (by over a year). Among other things, it forces changes in the security measures that banks use when confirming transfers. At the beginning of the school year they will have to introduce strong authentication, i.e. make it possible to use two of the three proposed kinds of method: those based on knowledge unique to the client, on possession of a specific object, or on the client's biometric features.

The European Banking Authority (EBA), flooded with questions about which specific means of authentication it considers acceptable, revealed its opinion on the subject at the end of June. Its decision leaves no illusions. Popular one-time SMS confirmations did not make the list of strong knowledge-based methods, and lists of one-time codes are not a good choice either.

When it comes to SMS confirmations, thieves around the world are getting better and better at fraudulently obtaining duplicate SIM cards from operators. A clever thief is too often able to get a duplicate of such a card without the knowledge or consent of its original owner. If someone steals our smartphone, we usually realize at the first photogenic latte that something has happened, and we can react quickly by running to a bank branch. If they deactivate our SIM card and activate their duplicate, we may not find out for a long time that something is wrong. On top of this there are attacks on the SS7 protocols used in mobile networks.

In Germany, banks have already announced that they are withdrawing this type of transaction and login confirmation.

Scratch cards as a cure for all evil? Not necessarily. Throw them out of the window and install the application.

The banks' withdrawal of one-time passwords is causing a lot of controversy. At first glance, they look like a very safe way of authorization: after all, access to them is guarded by three dangerous teddy bears sitting above the cabinet with the socks in which the codes are wrapped. And this is, despite appearances, a good argument. The physical nature of scratch cards is a very valuable feature; the problem is that it is of no use if the computer on which we make the transfer has been hacked. Once we enter the code, it quickly passes into the hands of criminals, and we remain blissfully unaware that anything unsettling has happened at all.

This is where even confirmation in an application has the advantage: it shows the details of the account to which we are transferring the money and the amount we are paying. If we always check them, which we absolutely should do, we will notice that someone is trying to slip a bogus transfer under our nose. The theft of a smartphone should not make life easier for criminals in this case, because they would not only have to unlock it, but also get into the banking application protected by a PIN or biometrics.

And it's best to ask the bank about physical devices that generate tokens.

The safest, but rarely used, solution is a physical token. Into these devices, which resemble primitive calculators, we type the last few digits of the account number to which we are sending our hard-earned money. In return, the device generates a code for us to enter on the transfer page. Thanks to that, we are sure that the money goes where we want it to. Such tokens may differ from one another. If I remember correctly, the token of one of the Irish or Swedish banks that I used years ago additionally required a payment card to be scanned for each major transaction.

Pain in the butt? Very. Safe? Also very much.
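Why a token code resists a hacked computer while a paper-list code does not, as an added example that is not part of the original article or any bank's system. It assumes an HMAC-SHA256 code with HOTP-style truncation, a key and counter shared between token and bank, and constructed account numbers; the function names are hypothetical and real tokens use their own schemes.

```python
import hashlib
import hmac
import struct

# Constructed sample values (not real keys or accounts).
TOKEN_KEY = b"constructed-demo-key-shared-with-bank"
INTENDED_ACCOUNT = "61109010140000071219812874"
SWAPPED_ACCOUNT = "27114020040000300201355387"


def token_code(key: bytes, account_digits: str, counter: int, length: int = 8) -> str:
    """Code bound to the digits typed into the token (assumed scheme)."""
    msg = struct.pack(">Q", counter) + account_digits.encode("ascii")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, as in HOTP
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** length).zfill(length)


def bank_accepts_list_code(code: str, unused_codes: set) -> bool:
    """Paper-list check: the code is valid for ANY transfer, then burned."""
    if code in unused_codes:
        unused_codes.discard(code)
        return True
    return False


def bank_accepts_token_code(code, key, destination_account, counter, tail=5) -> bool:
    """Token check: the bank derives the code from the account it will pay."""
    expected = token_code(key, destination_account[-tail:], counter)
    return hmac.compare_digest(code, expected)


def simulate(tampered: bool) -> dict:
    """The user approves INTENDED_ACCOUNT; a hacked computer may swap the payee."""
    submitted = SWAPPED_ACCOUNT if tampered else INTENDED_ACCOUNT
    list_codes = {"482913", "170265"}  # constructed scratch-card codes
    user_code = token_code(TOKEN_KEY, INTENDED_ACCOUNT[-5:], counter=1)
    return {
        "list_code": bank_accepts_list_code("482913", list_codes),
        "token_code": bank_accepts_token_code(user_code, TOKEN_KEY, submitted, 1),
    }


if __name__ == "__main__":
    print("honest transfer:  ", simulate(tampered=False))
    print("tampered transfer:", simulate(tampered=True))
```

In the tampered run the list code is still accepted, because nothing ties it to the payee, while the token code fails, because the bank recomputes it from the swapped account's digits.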

Until now, the use of strong authentication by banks was good practice on their part (and their clients'); now it will be an obligation, and that is something to be glad about.


