Transaction Authentication Number - Mobile TAN (mTAN)

mTANs are used by banks in Austria, Bulgaria, Czech Republic, Germany, Hungary, the Netherlands, Poland, Russia, South Africa, Spain and Switzerland, and by some banks in New Zealand, Australia and Ukraine. When the user initiates a transaction, the bank generates a TAN and sends it to the user's mobile phone by SMS. The SMS may also include transaction data, allowing the user to verify that the transaction has not been modified in transmission to the bank.

However, the security of this scheme depends on the security of the mobile phone system. In South Africa, where SMS-delivered TAN codes are common, a new attack has appeared: SIM swap fraud. A common attack vector is for the attacker to impersonate the victim and obtain a replacement SIM card for the victim's phone from the mobile network operator. The victim's user name and password are obtained by other means (such as keylogging or phishing). Between obtaining the cloned or replacement SIM and the victim noticing that their phone no longer works, the attacker can transfer or extract the victim's funds from their accounts.
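The transaction-data check described above can be sketched as follows. This is an added example, not code from any bank or from the original page; the class and function names, the 6-digit TAN length, the SMS wording, the one-attempt policy and the account labels are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def fmt_amount(cents):
    return f"{cents // 100}.{cents % 100:02d}"


class MTanIssuer:
    """Bank side: one TAN per pending transaction, usable for one attempt."""

    def __init__(self):
        self._pending = {}  # tx_id -> (tan, digest of the transaction data)

    @staticmethod
    def _digest(recipient, cents):
        return hashlib.sha256(f"{recipient}|{cents}".encode()).hexdigest()

    def issue(self, tx_id, recipient, cents):
        """Generate a TAN for the transaction as the bank received it."""
        tan = f"{secrets.randbelow(10**6):06d}"  # 6 digits: an assumption
        self._pending[tx_id] = (tan, self._digest(recipient, cents))
        sms = f"TAN {tan} for transfer of {fmt_amount(cents)} to {recipient}"
        return tan, sms

    def confirm(self, tx_id, recipient, cents, tan):
        """Accept only the TAN issued for exactly this transaction data."""
        entry = self._pending.pop(tx_id, None)  # consumed on first attempt
        if entry is None:
            return False
        issued_tan, digest = entry
        same_tan = hmac.compare_digest(tan, issued_tan)
        same_tx = hmac.compare_digest(digest, self._digest(recipient, cents))
        return same_tan and same_tx


def sms_matches_intent(sms, recipient, cents):
    """User side: does the SMS describe the transfer the user meant to make?"""
    return sms.endswith(f"of {fmt_amount(cents)} to {recipient}")


if __name__ == "__main__":
    bank = MTanIssuer()
    # Constructed case: the order reached the bank with a changed recipient.
    tan, sms = bank.issue("tx-1", "ACCT-CONSTRUCTED-B", 12500)
    print(sms_matches_intent(sms, "ACCT-CONSTRUCTED-A", 12500))  # user sees a different recipient
```

Binding the TAN to the transaction data only helps when the SMS reaches the legitimate user; once the message is delivered to a replacement SIM, the check is performed by whoever holds that SIM.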
