Anti-Phishing OTP

The relevance of the our proposal:

Banking is the most susceptible to phishing attacks.

The statistics of phishing attacks in I quarter of 2013 according to the Anti-Phishing Working Group (APWG) is:

 
antiphishing

Standard scheme OTP:

  • Provides client authentication.
  • Does not provide authentication of the portal.
  • Does not protect the bank and the customer from a phishing attack.
  • Increases the costs for thebank due to sending SMS.
  • Not guarantee the delivery of SMS.

 

Application of the Anti-Phishing OTP -based on the  "Card Cluster" allows the bank:

  • Exclude phishing.
  • Reduce the costs.
  • Exclude subjection from mobile operators and SMS  late delivery .
  • to provide a significant competitive advantages in terms of security of customer service.
  • to have an  opportunity to implement other projects based on the "Card Cluster".

 

Description of the stages of the project:

  • Preparatory activities :
    • SmartUp applet must be installed on the bank card’s SSD.
    • The client should install on  smartphone the OTP-application
  • Stages of interaction:
    • The customer applies the card on his smartphone through NFC and sees a generated by card OTP.
    • The customer enters the OTP on the bank’s website that is then checked by the bank server. If the check is passed successfully, the bank server generates a responsive OTP.
    • The customer enters the bank’s OTP into the smartphone application, the card checks OTP.
    • The customer and the server are mutually authorized.

Related business domains