German bank launches new system to combat phishing

German retail bank Postbank AG has launched a new plan designed to prevent phishers from capturing and misusing transaction numbers required by online banking customers to make money transfers.

The bank, which was the victim of a major phishing attack last year, is the first in Germany to offer "indexed" transaction numbers, or iTANs, it said Monday in a statement.

Phishing attacks use spoofed e-mail and fraudulent Web sites to fool respondents into entering personal financial data such as credit card numbers, account user names and passwords, which can then be used for financial theft or identity theft.

Until now, Postbank customers transferring money from their account to another electronically have had to type in their PIN (personal identification number) followed by a TAN from a list provided by the bank for each transaction. In Germany, most banks providing online services offer a similar PIN-TAN service.

Under Postbank's new iTAN service, online customers are told by the computer which TAN to use, and only with this TAN can they complete a transaction at that very moment.

Alongside each five-digit TAN appears an index number, which the computer uses to point customers to the TAN they must use to activate the transaction.

As another precaution, Postbank customers can set a limit on the amount of money to be transferred from their accounts online.

Postbank, which was spun off of the former German public administration for post and telecommunications, is one of the country's largest consumer banks with 11 million customers of whom nearly 1.7 million have online banking accounts.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon