Two Plus Two Newer Archives


JAque 10-16-2006 01:11 AM

Improving Neteller security measures
 
As I understand it, German banks require a validation code in addition to userid and password. For every transaction, there is a transaction code (provided by the bank) that needs to be cross checked against a validation list provided to the customer when the account was created (a list of 300). Therefore, if a hacker were to get your user id and password, he will still need the list to enter the next validation code (this list could be kept on paper, USB stick, etc. so it can't be stolen from your PC). A keylogger will get your userid and password but it will not have the next validation code for the next transaction.
For example, for a single transaction you need your userid, password, transaction number (provided by bank at the time of the transaction) and the validation code (provided by the user at the time of the transaction). All this information has to match for a transaction to go through.

In the case of Neteller, we may need a validation code for depositing, withdrawing and peer to peer transfers.
Of course, the transaction codes are random and the validation codes will not be used in sequence. At one point the codes have to be recycled or you will need to request more from Neteller.

I am sure there are holes using this approach but it makes it really hard for keyloggers and hackers that get into your PC unless they get a hold of your validation list.


Thoughts??

JAque
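The scheme described in the post above, sketched from the server's side as an added example that is not part of the original thread and not any bank's or Neteller's code. The class and function names, the 6-digit code length and the three-failure lockout are assumptions; the codes are constructed at run time.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 3  # assumption: lock the list after three wrong codes


class TanList:
    """Server-side state for one customer's printed list of one-time codes."""

    def __init__(self, printed):
        self.salt = secrets.token_bytes(16)
        # Keep only salted digests, keyed by position on the printed list.
        self.unused = {i: self._digest(i, c) for i, c in printed.items()}
        self.pending = None   # position asked for in the open challenge
        self.failures = 0

    def _digest(self, index, code):
        msg = f"{index}:{code}".encode()
        return hmac.new(self.salt, msg, hashlib.sha256).digest()

    def challenge(self):
        """Return the position ("transaction code") the customer must answer."""
        if not self.unused:
            raise RuntimeError("list exhausted: issue a new one")
        if self.pending is None:
            self.pending = secrets.choice(sorted(self.unused))
        # An unanswered challenge is repeated, never re-rolled, so a few
        # captured codes cannot be matched by asking again and again.
        return self.pending

    def verify(self, index, code):
        """Accept the code at the pending position once; burn it on success."""
        if self.failures >= MAX_FAILURES or index != self.pending:
            return False
        if hmac.compare_digest(self.unused[index], self._digest(index, code)):
            del self.unused[index]
            self.pending, self.failures = None, 0
            return True
        self.failures += 1
        return False


def issue(size=300, digits=6):
    """Generate a constructed code list; returns (printed list, server state)."""
    printed = {i: f"{secrets.randbelow(10 ** digits):0{digits}d}"
               for i in range(1, size + 1)}
    return printed, TanList(printed)
```

Because each code is deleted on first use, a keylogger that records one transaction holds a value the server will never accept again.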

ubercuber 10-16-2006 01:37 AM

Re: Improving Neteller security measures
 
That sounds pretty damn slick to me. Now how do I open a bank account in Germany? (kidding. sort of.)

RikaKazak 10-16-2006 02:36 AM

Re: Improving Neteller security measures
 
sounds like a good idea, I hope they do it.

AcesFull 10-16-2006 05:56 AM

Re: Improving Neteller security measures
 
Neteller should use the RSA SecurID Authentication system. I've seen this security system used in some of the financial accounting systems of the big entertainment companies.

I have absolutely nothing to do with this company or a financial interest in it. I've just seen it in action before at two companies that I've done work for (in a capacity unrelated to security issues).

In addition to the normal username and password, the login user has a physical SecurID card that continuously generates special authentication codes (it changes about every 40 seconds or so). The user must also input that special continuously changing code after the password. The SecurID card is the size of a credit card, but about four times thicker. It's solid plastic with no openings, and the ICs contained within are destroyed if it's tampered with by any opening attempt.

Here's a cut & paste from their website:

RSA SecurID Authentication
Securing your Future with Two-Factor Authentication

Do you really know who's accessing your most sensitive networked information assets? Unfortunately, security built on static, reusable passwords has proven easy for hackers to beat. A recent recommendation by the Federal Deposit Insurance Corporation (FDIC) makes this very clear: two-factor authentication is recommended to minimize identity theft.

RSA SecurID® two-factor authentication is based on something you know (a password or PIN) and something you have (an authenticator)—providing a much more reliable level of user authentication than reusable passwords. Organizations looking to validate specific financial transactions via transaction signing can also leverage the recent addition to the RSA SecurID hardware authenticator family. The RSA SecurID solution is the world's leading two-factor user authentication system, relied on by over 20,000 organizations worldwide to protect valuable network resources.

JAque 10-16-2006 07:49 AM

Re: Improving Neteller security measures
 
Yes, it sounds exactly as I described except the validation code is created by the card with memory chip instead of a fixed list of codes.

thanks

Antti 10-16-2006 08:33 AM

Re: Improving Neteller security measures
 
Both of my banks use this system too, and I really love it. My lists are also both one use only, you cross over the codes you've spent and when you've used all of your codes, you have to get a new code list. Without access to the list, you can't make a transaction.

kslghost 10-16-2006 08:58 AM

Re: Improving Neteller security measures
 
I've heard of this RSA card thing, but I'm sure it's too expensive.

AA Suited 10-16-2006 09:32 AM

Re: Improving Neteller security measures
 
[ QUOTE ]
I've heard of this RSA card thing, but I'm sure it's too expensive.

[/ QUOTE ]

5 yrs ago, it was $80 per card

Don't know how much it is now.

CybrPunk 10-16-2006 09:50 AM

Re: Improving Neteller security measures
 
[ QUOTE ]
I've heard of this RSA card thing, but I'm sure it's too expensive.

[/ QUOTE ]

I used to support a hospital network and our outside clients used these devices to log in to our network and retrieve patient info. They were excellent and rarely had any complications. We charged doctors $65 per device and even they refused to pay for more than one in many cases, even when their daily operations required that more than one person have access to the records. There were some doctors I know of that changed their daily operations to avoid the one time $65 fee. These are the same doctors whose homes I would visit to set up software on their home PCs and had furniture, artwork and other trinkets worth more than my car.

The truth is that most people don't see this level of security as a benefit because it costs them something to establish that security level. I don't believe many people will be willing to pay $65 for a device to secure their money, especially when many of the recreational players only deposit small amounts of money at any one time.

George Rice 10-16-2006 11:29 AM

Re: Improving Neteller security measures
 
Is there a problem with Neteller Security?

Even if you had my account number, password and secure ID number, I would be notified if you tried to change my bank account info or email address. So you would need a few days to actually get any of my money, and hope I didn't read my email for that amount of time.

I sure don't need even more of a hassle cashing out without a good reason.

Has anyone experienced any problems?

MrMoo 10-16-2006 11:49 AM

Re: Improving Neteller security measures
 
Two factor authentication is great. Sorry to say it's doubtful that Neteller will ever implement it. Any company that stores its users' passwords unencrypted in a database and allows its customer service agents to see them is beyond hopeless for ever being "secure".

JAque 10-16-2006 06:09 PM

Re: Improving Neteller security measures
 
There have been many claims of accounts that were hacked. I am sure some were trolls but there were some legit. The issue is that many people keep large amounts of money on these accounts. There was an example of a well known site providing an application that had a virus (without them knowing about it). Therefore, better security is needed. I wrote to Neteller already. I am curious what answer I will get.

JAque

MrX 10-16-2006 10:29 PM

Re: Improving Neteller security measures
 
I have an RSA SecurID card for access to patient data and images. It is great. I wish I had one for my banking.

MrX

JAque 10-16-2006 10:42 PM

Re: Improving Neteller security measures
 
How much is the card?

JAque

Jukep 10-17-2006 02:46 AM

Re: Improving Neteller security measures
 
[ QUOTE ]
Is there a problem with Neteller Security?

Even if you had my account number, password and secure ID number, I would be notified if you tried to change my bank account info or email address.

[/ QUOTE ]

Yes, I'd say Neteller is pretty unsecure and I'm not comfortable keeping large amounts of money there.

One of the most common ways to steal someone's Neteller funds seems to be transferring them to some shady casino. This requires only the user's Neteller login and secure id, which Neteller sends to its users in an email when opening their account. These emails are not that hard to come by for a hacker, as people keep their emails in some pretty unsafe webmail-systems like hotmail.

One-time passwords would be a very welcome security feature, and would most likely put an end to most of Neteller's security problems.

TheCutter 10-17-2006 06:57 AM

Re: Improving Neteller security measures
 
Here in the Netherlands at my bank when I make a transaction I get an SMS with a code I need to enter online. Works great too.

MrX 11-19-2006 10:04 PM

Re: Improving Neteller security measures
 
[ QUOTE ]
How much is the card?

JAque

[/ QUOTE ]

My company pays for it, I'll see if I can find out.


All times are GMT -4.