German banks are moving away from SMS one-time passcodes

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
New EU legislation might help kill SMS 2FA / 2SV / OTP.
Multiple German banks have announced plans to drop support for SMS-based one-time passcodes (OTP) as a login authentication and transaction verification method.
Postbank plans to drop support in August, while Raiffeisen Bank and Volksbank plan to do so in the fall, Handelsblatt reports.
Deutsche Bank and Commerzbank also plan to drop support for SMS OTP but have not announced a deadline, while Consorsbank plans to discontinue it by the end of the year. Other banks like DKB and N26 have never deployed the technology, while ING has not made any public statements on its plans.
... ...
The cyber-security industry has been warning against securing systems with SMS-based authentication because of inherent and unpatchable weaknesses in the SS7 protocol used in the backbone of all mobile telephony networks for years. Vulnerabilities in this protocol allow attackers to silently hijack a user phone number, even without a telco's knowledge, allowing threat actors to track users or authorize online payments or login requests. ... ...
 

Freki123

Level 15
Verified
Top Poster
Aug 10, 2013
737
As a german user you could try an optical chip tan generator.

As it is independent hardware, coupled only by a simple communication channel, the TAN generator is not susceptible to attack from the user's computer. Even if the computer is subverted by a Trojan, or if a man-in-the-middle attack occurs, the TAN generated is only valid for the transaction confirmed by the user on the screen of the TAN generator, therefore modifying a transaction retroactively would cause the TAN to be invalid.

While it offers protection from technical manipulation, the ChipTAN scheme is still vulnerable to social engineering
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top