Jim Murray wrote: > Very simple, though I can't (unfortunately!) take credit for inventing it. > > Issue the customer with a numbered list of one-time passwords. > For each transaction, have the bank computer require the use of one of > those passwords, chosen at random. > > That way, no matter what trojans, sniifers or other garbage are on the > PC the most they can capture is the password for one single transaction > which instantly becomes useless for any future transactions.
You have no clue of the kinds of _successful_ attacks against the German "TAN" system that have already occurred, have you? Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
