German Police: Two-factor Authentication Failing
Jeremy Kirk writes on PC World:
A two-factor authentication system widely used in Germany is failing to stop cybercriminals from draining bank accounts, a top German law enforcement official said Tuesday.More here.
As of last year, about 95 percent of German online banking patrons were using "iTan" codes, random secret numbers that are requested of a bank customer during an online transaction, said Mirko Manske, detective chief superintendent for Germany's Federal Criminal Police Office.
The iTan code is used as an additional measure of authentication besides the customer's login information. The iTan code can only be used once and is intended to thwart online banking attacks where an attacker has all the other customer information.
But "it does not work," said Manske during a presentation at the E-crime Congress in London. "We are still losing money."
The problem is that hackers have figured out ways to execute transactions in real time, utilizing the iTan code and making the security control essentially useless.