I pose this question for our security and tech experts to give their views.
The credit card now has a CVV, but it is printed on the card. A thief could use the credit card and the CVV. So, as a security the bank send a SMS and the owner has to enter the PIN to authenticate the transaction.
I have built an app to generate a OTP that the bank can use, instead of SMS. The OTP changes every minute.
An alternative is for the bank to ask the owner to enter a 6 digit PIN. This PIN does not change and does not need a mobile app to generate.If a fixed PIN is used, the POS device will ask the customer to enter the fixed PIN for authentication.
For e-commerce, the website will ask the customer to enter the fixed PIN (using SSL) for authentication.
Is the fixed PIN as good as a OTP that changes every minute, from the security angle?
The credit card now has a CVV, but it is printed on the card. A thief could use the credit card and the CVV. So, as a security the bank send a SMS and the owner has to enter the PIN to authenticate the transaction.
I have built an app to generate a OTP that the bank can use, instead of SMS. The OTP changes every minute.
An alternative is for the bank to ask the owner to enter a 6 digit PIN. This PIN does not change and does not need a mobile app to generate.If a fixed PIN is used, the POS device will ask the customer to enter the fixed PIN for authentication.
For e-commerce, the website will ask the customer to enter the fixed PIN (using SSL) for authentication.
Is the fixed PIN as good as a OTP that changes every minute, from the security angle?
It's a great blog about security thanks for sharing the blog to know more about online banking.
ReplyDeleteFast mobile banking