Thursday, May 21, 2009

Hacked! Key Bank Technology Used to Secure Internet Transactions...

This is BIG news, folks. Game Changing. Only the tip of the iceberg though. We can't be using web browsers for financial transactions (internet or mobile) because it's too dang hackable. As the article states, money transfer, unsafe, One-Time-Passwords (OTPs) unsafe, Internet Transactions, unsafe, Mobile Phones, unsafe, browsers, unsafe. As I said, this is BIG news and it all bodes well for HomeATM's theory that financial transactions need to be encrypted outside the browser space...and the only way to do that is with a hardware device. Period. It doesn't hurt that HomeATM owns the patent and the world's ONLY PCI 2.0 Certified PED designed for eCommerce! Anyway...here's some background...

I was working on a post I think I'll call "Comparing Apples to "Let's Just Say" The Real Deal" and I saw this (as I said) "GAME CHANGING" news come across the wires. Since it related directly to the post I was writing, I thought I'd take a time out and post this one first in order to create a perfect segue.


Think there is such a thing as a secure transaction done "over" the internet?  Think mobile phones are secure for financial transactions?  Think again.  Think Different!

Financial Transactions must be done (and ENCRYPTED) "outside the browser space!" PERIOD.  Here's an excerpt from an article released less than 30 minutes ago by PC World:

Investigators Replicate Nokia 1100 Online Banking Hack - Business Center - PC World

A Nokia 1100 mobile phone has been used to break into someone's online bank account, affirming why criminals are willing to pay thousands of euros for the device. See my post: I'll Give You $10k for Your Nokia 1100

Using special software written by hackers, certain models of the 1100 can be reprogrammed to use someone else's phone number and receive their SMS (Short Message Service) messages, said Max Becker, CTO of Ultrascan Knowledge Process Outsourcing, a subsidiary of fraud investigation firm Ultrascan.

The Nokia 1100 hack is powerful since it undermines a key technology relied on by banks to secure transactions done over the Internet.

Banks in countries such as Germany and Holland send a one-time password called an mTAN (mobile Transaction Authentication Number) to a person's phone in order to allow, for example, the transfer of money to another account.

Since the Nokia 1100 can be reprogrammed to respond to someone else's number, it means cybercriminals can also obtain the mTAN by SMS. (Editor's Note: OTPs are overrated!)


Cybercriminals must already have a person's login and password for a banking site, "but that's easy" since millions of computers worldwide contain malicious software that can record keystrokes.

Editor's Note: Well, a publication besides the PIN Payments News Blog that states getting a person's login and password for a banking site is easy. It took a while...now that it's done, I say: "That Was Easy!" Need I say more about why HomeATM engineered the world's first and only PCI 2.0 certified PED designed to conduct financial transactions "outside the browser space" (for any web enabled device...including mobile phones)? I think I do. You watch...at the end of the day when the smoke clears, you'll see it how we see it.


Continue Reading at PC World









