The Bankwatch

Tracking the evolution of financial institutions

Citibank Hardware Tokens Defeated – but don’t blame the tokens

A well crafted and reasoned view on the ‘man in the middle attack’ on Citibank tokens, from Improving.  This provides good balance to my earlier post.

Improving New Account Opening: Citibank Hardware Tokens Defeated – but don’t blame the tokens – Solving complex business problems with financial services technology

Physical tokens are not dead. But as the Citibank example has shown, without providing additional layers of protection to users to help them avoid phishing, a well crafted, realtime scam can defeat even this two factor authentication.

Written by Colin Henderson

Saturday, 12 August 2006 at 01:44

Posted in Banking Strategy, Online Banking, Security

«
»

3 Responses

Subscribe to comments with RSS.

  1. Colin

    Found this presentation on Brand Tarot, the blog of British planner, John Grant.

    How banking can benefit from ideas commonly used in the retail industry. http://www.flickr.com/photos/33294214@N00/sets/72157594232169731

    Nishad

    Saturday, 12 August 2006 at 10:52

  2. Thanks Nishad … this presentation does a great job at highlighting attributes of traditional retailers, that Banks could learn from.

    One I noted in there was the mobile banker idea on a motor-bike in Sweden. They do that in Japan too; the banker in a suit, zips around on a scooter, and takes the bank to the customers house.

    Colin

    Saturday, 12 August 2006 at 14:15

  3. [...] the other hand the technology exists to get past [...]

    Two-factor authentication is not well understood « The Bankwatch

    Thursday, 17 May 2007 at 22:46


Comments are closed.