The Bankwatch

Tracking the consumer evolution of financial services

ClairMail Delivers Major Breakthrough in Online Banking Security (press release)

 While this is overkill for logging in, this type of out of band authorisation is relevant for second factor authentication periodically, or for high value transactions.

A customer logs on as usual with her username and password (the first factor); at logon, the ClairMail system automatically sends a time-expiring, one-time-PIN (OTP) to the customer’s mobile phone (the second factor) and the customer enters the OTP while online to validate the session.

Source: ClairMail Delivers Major Breakthrough in Online Banking Security

 

Written by Colin Henderson

October 30, 2006 at 21:00

Posted in Security

3 Responses

Subscribe to comments with RSS.

  1. One interesting thing being done by a bank in India (ICICIBank.com) is that at the back of the Debit Card issued for the account there is a lettered (A to P) grid with 2-digit numbers in each cell.
    When attempting a third party transfer the website presents you with a few alphabets for which you must enter the corresponding 2 digit numbers to succesfully complete the payment.
    For older debit cards (that don’t have the grid), it asks the customer to key 4 randomly chosen digits in the debit card no

    Shreepad

    October 31, 2006 at 04:54

  2. The out-of-band message to the cell phone is hardly new, so I find ClairMail’s “breakthrough” statement dubious. Banks in the rest of the world — Australia especially — have been doing this for a while.

    Shreepad, that’s interesting. I’ve heard about the “bingo card” approach many times, but I haven’t often seen it in practice.

    Dan

    October 31, 2006 at 10:15

  3. Found MyPW a couple of weeks ago its pretty cool its a OneTime Password (OTP) service.

    I got it working on my site within a few hours.

    You should check it out its really cheap.

    http://www.mypw.com

    Frank

    November 28, 2006 at 23:41


Comments are closed.

%d bloggers like this: