loading
Documents

Research.Publish.Connect.

Paper

Authors: Vincent Haupert and Tilo Müller

Affiliation: Friedrich-Alexander University Erlangen-Nürnberg (FAU), Germany

ISBN: 978-989-758-282-0

Keyword(s): Mobile Banking, App-based Authentication, Malware, PSD2, Compliance.

Abstract: Owing to their growing popularity, smartphones have made two-step authentication schemes not only accessible to everybody but also inexpensive for both the provider and the end user. Although app-based two-factor methods provide an additional element of authentication, they pose a risk if they are used as a replacement for an authentication system that is already secured by two-factor authentication. This particularly affects digital banking. Unlike methods backed by dedicated hardware to securely legitimize transactions, authentication apps run on multi-purpose devices such as smartphones and tablets, and are thus exposed to the threat of malware. This vulnerability becomes particularly damaging if the online banking app and the authentication app are both running on the same device. In order to emphasize the risks that single-device mobile banking poses, we show a transaction manipulation attack on the app-based authentication schemes of Deutsche Bank, Commerzbank, and Norisbank. Fu rthermore, we evaluate whether the matrix code authentication method that these banks and Comdirect implement—widely known as photoTAN—is compliant with the upcoming Revised Payment Service Directive (PSD2) of the European Banking Authority (EBA). (More)

PDF ImageFull Text

Download
Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 54.225.57.230

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Haupert V. and Müller T. (2018). On App-based Matrix Code Authentication in Online Banking.In Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-282-0, pages 149-160. DOI: 10.5220/0006650501490160

@conference{icissp18,
author={Vincent Haupert and Tilo Müller},
title={On App-based Matrix Code Authentication in Online Banking},
booktitle={Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2018},
pages={149-160},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006650501490160},
isbn={978-989-758-282-0},
}

TY - CONF

JO - Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - On App-based Matrix Code Authentication in Online Banking
SN - 978-989-758-282-0
AU - Haupert V.
AU - Müller T.
PY - 2018
SP - 149
EP - 160
DO - 10.5220/0006650501490160

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.