Researchers and students from the University of Tübingen, working with GFT Technologies AG, have developed a new process to make online banking more secure.
The idea for the NFC-TAN process came about four years ago, was patented and further developed by students as part of their undergraduate studies, says Dr. Bernd Borchert of the University of Tübingen’s Wilhelm Schickard Institute of Computer Science. NFC stands for Near Field Communication, an international standard which allows electronic devises to transmit data over short distances.
When a customer wants to make a bank transfer from home, the bank sends him a transaction authentication number (TAN) for each transaction, which is only confirmed when the TAN has been entered. Up to now, TANs were sent by text message or generated by a chip TAN device. The first system was handy but fraught with risk, says Borchert. Malware on a person’s smartphone could read his password and enable others to log into his account via his own phone.
The new NFC-TAN process is similar to using a TAN generating device, but now that device is replaced by the user’s smartphone. The user is shown a 2D code on his home computer, which he can scan into his phone using a special bank app. After a transaction is confirmed on the smartphone display, the customer holds his account card up to the phone. The card generates the TAN and transmits it via NFC to the phone. “It is a more secure procedure than the text-message TAN,” says Borchert, adding that it is easier than using a TAN generator, because no extra device is needed. Nor does it cost more to start up or run. One in four smartphones on the market is NFC capable — and banks are already planning to introduce NFC-capable account cards.
The Tübingen computer scientists are planning to market the process with the help of GFT Technologies, a Stuttgart IT company. Demonstrations are running at CeBIT from March 5-9.
Reprinted from: Universitaet Tübingen