Press release 06/05

Furtwangen, June 1, 2005 – Online thieves try to obtain passwords and PIN information by asking users to disclose their sensitive data.
“If all banks were to offer their customers online banking with HBCI more actively and convincingly, “phishing” would soon no longer be an issue,” says Sommer.
The various scenarios of this password theft are well known: Sending fake e-mails is only the most obvious way to obtain sensitive data such as PINs.
Users are asked to enter their confidential data on special websites, for example.
However, the use of Java scripts on websites leads to so-called routines being installed unnoticed on the user’s PC, which specifically collect and send the sensitive bank data.
“The worst thing about this is that you don’t notice it at all,” says Sommer.
Another variant is overwriting browser windows with other content so that the user is on the correct website, but phishing routines have been anchored in the input window.
“What is happening here is no longer a trivial offence or sporting hacking, but organized crime,” he says angrily.
This makes it all the more incomprehensible to the IT expert that consumer protection is not taking action where a solution to the problem is already available in advance.
Thanks to the use of modern cryptographic functions and the use of chip cards, the HBCI standard allows secure communication via the Internet.
This means that the PIN is entered directly into a chip card reader and not routed via the PC, as with a normal computer keyboard.
“This also means it cannot be copied and misused”.
Of course, online banking with HBCI costs a little more than the “already outdated” PIN-TAN procedure, because the bank customer has to purchase a corresponding card reader.
Even if the banks usually subsidize the security package for home banking in the interests of customer friendliness, there are additional costs.
This is why banks are sometimes reluctant to recommend this secure procedure to their customers.
This is because it is still the rule that customers have to ask if they want to be completely secure when banking online.
“But there are already banks that consistently offer their customers the secure HBCI procedure.”
Carsten Sommer hopes that there will be even more so that the phishing spook will soon be put to an end.
An HBCI security package from REINER SCT costs Software less than 100 euros. (The text comprises approx. 3,000 characters)