Trusted Transactions | Entersekt Blog


SS7 attack gives pause for thought

Posted by Stephen Drake, Senior Systems Developer - Entersekt

Jul 6, 2017 8:00:00 AM

A recent malicious attack on customers of O2-Telefonica in Germany saw several bank accounts drained. This may just be the clarion call for telcos to address a flaw in Signaling System 7 (SS7) that has been raising red flags for years.

SS7 is an international telecommunications standard that defines how elements in a public switched telephone network (PSTN) exchange information. It is what allows us to receive an SMS text message whether we are at home or roaming in Europe. It is what enables carrier interoperability, and as such is the backbone of global communication.


Topics: SMS OTP/ mTAN, Interoperability, Privacy

No branch required: the rise of digital-only banks

Posted by Jolette Roodt, Writer/Analyst, Entersekt

Nov 3, 2016 10:00:00 AM

Banking is increasingly moving away from brick-and-mortar branches and into the digital domain. Some banks have opted out of having physical branches at all and operate as so-called digital-only banks. Who are these banks, and how are they faring compared to traditional financial institutions? Let’s take a closer look.






Topics: One-time passwords, SMS OTP/ mTAN, User experience

Fraud thriving Down Under

Posted by Jolette Roodt, Writer/Analyst, Entersekt

Sep 29, 2016 3:10:59 PM

Australia and New Zealand seem to have become prime targets for cybercriminals over the past few months. Australia ranks among the top 10 targets in the world for phishing, malware, and fraud. According to Symantec strategist Mark Shaw, 108 cybercrime attacks occur in New Zealand every day; during 2015, the country’s global rank rose in five out of six threat categories: spam, phishing hosts, bots, network attacks, and web attacks. It also had the eighth-highest proportion of global phishing traffic. More than 856,000 New Zealanders are estimated to have been affected by cybercrime last year, at a cost of 257 million New Zealand dollars (186 million US dollars) to the economy.



Topics: Regulatory guidance, One-time passwords, SMS OTP/ mTAN, Entersekt white papers

How to secure digital banking in the world’s wealthiest region

Posted by Jolette Roodt, Writer/Analyst, Entersekt

Aug 23, 2016 11:00:00 AM

Global Finance recently published their 2015 rankings for the richest countries in the world. Not surprisingly, five out of the wealthiest twelve are located in the Middle East: Bahrain (12), Saudi Arabia (11), the United Arab Emirates (7), Kuwait (5), and Qatar (1).



Topics: One-time passwords, SMS OTP/ mTAN

Defunct SMS OTP still reigns at Australian banks

Posted by Jolette Roodt, Writer/Analyst, Entersekt

Aug 16, 2016 10:30:00 AM

An investigation into online banking security measures in Australia revealed that SMS OTP is still very popular there, despite increasing global awareness of this authentication method’s vulnerabilities. In fact, starting from the next edition of its Digital Authentication Guideline, the United States’ National Institute of Standards and Technology (NIST) will no longer allow SMS OTP as a form of 2FA.



Topics: One-time passwords, SMS OTP/ mTAN

NIST puts the brakes on a slow-mo train wreck

Posted by Gerhard Oosthuizen, Chief Information Officer, Entersekt

Aug 4, 2016 11:36:58 AM

I felt a flicker of recognition reading Dave Birch’s reaction this week to news that the US Department of Commerce’s National Institute of Standards and Technology (NIST) is “deprecating” the use of SMS-based authentication.

Dave’s been deprecating SMS one-time passwords (OTPs or mTANs) for almost a decade. As a very widely read influencer and director of Consult Hyperion, his opinion could be seen as less partisan than, say… ours, and as a result hold greater weight.

Dave’s not so sure. Surveying the damage done by SMS OTPs over recent years, he writes, amusingly: “These are all symptoms of the fact that nobody listens to me about mobile banking security.”


Topics: Transaction signing, Regulatory guidance, One-time passwords, SMS OTP/ mTAN

Entersekt helps German banks go beyond ticking BaFin’s boxes

Posted by Jolette Roodt, Writer/Analyst, Entersekt

Jul 14, 2016 11:00:00 AM

Entersekt’s mission is to support financial institutions in their fight against digital fraud, so we watch the changing regulatory environment very closely. Our solutions are designed to comply with digital banking security guidelines across the globe, including those set out by the European Central Bank (ECB), the Federal Financial Institutions Examination Council (FFIEC), and the Monetary Authority of Singapore (MAS). In Germany, the relevant regulatory authority is the Bundesanstalt für Finanzdienstleistungsaufsicht, or BaFin.



Topics: Regulatory guidance, One-time passwords, SMS OTP/ mTAN, User experience

The singularity event for SMS OTP

Posted by Dewald Nolte, SVP partnerships and alliances, Entersekt

Mar 31, 2016 9:14:00 AM

The Hungarian-American polymath, John von Neumann, once posited that, “the ever accelerating progress of technology ... gives the appearance of approaching some essential singularity in the history of the race beyond which human affairs, as we know them, could not continue.”

This concept – an event or sequence of events likely to occur at the birth of artificial intelligence – has been widely debated ever since. Its consequences set the imagination racing. Our approach to almost everything will, after all, have to be discarded to make way for an entirely new paradigm.


Topics: One-time passwords, SMS OTP/ mTAN

2016: An annus horribilis for SMS OTP

Posted by Jolette Roodt, Writer/Analyst, Entersekt

Mar 17, 2016 11:00:00 AM

The year has not started well for that popular authentication method, one-time passwords (OTPs) sent via SMS. Still widely used during logins and transactions as part of a two-factor authentication (2FA) process, SMS OTP has long been vulnerable to cyber criminals.

In South Africa, forensics consultant, David Klatzow, came out with guns blazing in early March, accusing at least one large South African bank of exposing high-net-worth individuals to large fraud losses by staying with SMS OTP. (Most South African banks have stopped using SMS OTP in favour of Entersekt’s technology.) Klatzow, who became a household name as an expert witness in the Oscar Pistorius trial, stated that banks who use this technology should be held responsible for phishing losses. This set off a heated debate over liability in local newspapers, radio, and social media, pitting frustrated victims and security experts against the banks and mobile operators accused of covering up internal SIM-swap fraud.


Topics: SIM swaps/cloning and number porting, SMS OTP/ mTAN

The trouble with mTANs

Posted by Claudius van der Meulen, VP business development / director Europe, Entersekt

Nov 5, 2015 10:41:00 AM

A mobile transaction authentication number (mTAN) is a one-time password delivered to users of online systems using the SMS format. Millions of digital banking customers use them today to verify their online transactions with their bank. It is a system that most consumers believe to be secure, but that has been repeatedly compromised over the past years in a variety of ways.


Topics: One-time passwords, SIM swaps/cloning and number porting, SMS OTP/ mTAN

About Trusted Transactions

Trusted Transactions is Entersekt's blog devoted to keeping our customers, prospects and friends updated with industry news, security threats and technology advances in consumer authentication. We can protect against online banking fraud and account takeovers. Trusted Transactions brings you industry data and insights to help safeguard your online and mobile banking and payments transactions. 
