Re: 21 Million German bank accounts stolen - but accounts are still more secure than many other ones

[Martin Salfer <mars () soif de>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Hello,

English readers might wonder why Germans usually don't use cheques:
because they're too expensive and insecure.

Everybody prefers electronic money transfers ("Überweisung") as those
are for free and well protected. And direct debits or PADs
("Lastschrift") even can be rolled back up to 6 weeks after withdrawal.

So usually, people simply exchange account numbers and directly transfer
money.

Even if someone successfully sniffs German account credentials, e.g. ID
+ passwords, someone would still be unable to steal any money as every
single transfer must be confirmed with an one time password!

Those are mostly handed out to the account holder in person. This of
course varies from bank to bank. But I don't know any German bank that
doesn't demand at least one time password confirmation. Major banks
already offer RSA smart cards, which can be used with the nation wide
online banking standard HBCI or FinTS:

http://en.wikipedia.org/wiki/FinTS

I'm still shocked about the poor security of North American banks, where
one successful phishing email is enough to control and empty entire bank
accounts.

Greetings from good old Germany,
        Martin Salfer


Jost Krieger wrote:
> > http://it.slashdot.org/it/08/12/09/0125201.shtml
-----BEGIN PGP SIGNATURE-----

iD8DBQFJQAvEy4+E3T5McJsRAwlgAKCZ13lqR2mSW5Mb9naEhlRi4dm6FQCgpp7r
3z+O7fR7Wz4mBpI/AUHHvVI=
=Gpxg
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/