The relevance of the our proposal:
Banking is the most susceptible to phishing attacks.
The statistics of phishing attacks in I quarter of 2013 according to the Anti-Phishing Working Group (APWG) is:
Standard scheme OTP:
- Provides client authentication.
- Does not provide authentication of the portal.
- Does not protect the bank and the customer from a phishing attack.
- Increases the costs for thebank due to sending SMS.
- Not guarantee the delivery of SMS.
Application of the Anti-Phishing OTP -based on the "Card Cluster" allows the bank:
- Exclude phishing.
- Reduce the costs.
- Exclude subjection from mobile operators and SMS late delivery .
- to provide a significant competitive advantages in terms of security of customer service.
- to have an opportunity to implement other projects based on the "Card Cluster".
Description of the stages of the project:
- Preparatory activities :
- SmartUp applet must be installed on the bank card’s SSD.
- The client should install on smartphone the OTP-application
- Stages of interaction:
- The customer applies the card on his smartphone through NFC and sees a generated by card OTP.
- The customer enters the OTP on the bank’s website that is then checked by the bank server. If the check is passed successfully, the bank server generates a responsive OTP.
- The customer enters the bank’s OTP into the smartphone application, the card checks OTP.
- The customer and the server are mutually authorized.