Several German banks have announced plans to eliminate the use of one-time SMS passwords as a method of authorizing and confirming a transaction. The reason for the rejection of one-time SMS passwords is the new EU legislation, which will enter into full force on September 14, 2019.
Handelsblatt reports that Postbank will phase out support for one-time SMS passwords in August, Raiffeisen Bank and Volksbank in the fall, and Consorsbank will do so by the end of the year. Deutsche Bank and Commerzbank also plan to drop support, but have not announced a date yet. Other banks such as DKB and N26 have never used the technology, and ING has not publicly announced its plans yet.
In 2015, the EU revised the first payment services directive of 2007 (a set of rules governing online payments in the EU) and released an updated version, PSD2, requiring the implementation of reliable customer authentication mechanisms. According to estimates by the European Banking Supervision Service (the European Banking Authority, EBA), which last June introduced regulatory technical standards within PSD2, current implementations of authentication mechanisms for one-time SMS codes do not comply with the new requirements.
Over the past few years, the number of attacks using the SIM swapping method has increased. With this method, a fraudster can deceive a telecom operator into transferring a user's phone number to another SIM card, gaining access to the user's online accounts at banks and on cryptocurrency exchanges.
Cybersecurity experts have warned against using one-time SMS passwords for several years, but not because of SIM swapping attacks. The problem lies in the inherent and irreparable shortcomings of the SS7 protocol, which is used to configure most telephone exchanges around the world. Vulnerabilities in this protocol allow attackers to steal a user's phone number stealthily, even without the knowledge of the provider, allowing them to track its owner and authorize online payments or login requests.
Cybersecurity experts recommend using authenticator apps or hardware tokens instead of SMS-based authentication.
The European Banking Authority (EBA) is an independent body of the European Union (EU) that exercises prudential regulation and supervision in the European banking sector. The aim of the EBA is to maintain financial stability in the EU and to ensure the integrity, efficiency and orderliness of the banking sector.