Slashdot Mirror

← Back to Stories (view on slashdot.org)

Knoppix Used in Internet Banking Solution

Posted by samzenpus on from the open-banking dept.

renai42 writes "Australian company Cybersource says it's currently talking to two domestic banks about providing Knoppix-based bootable CDs to consumers to ensure Internet banking security. The company says at least one bank will probably use the CDs in at least one sector of its operations. Cybersource envisages that banks will re-brand its product and provide the CDs alongside other marketing material."

1 of 263 comments (clear)

  1. Dutch Banks by Anonymous Coward · · Score: 5, Informative

    Hi, I'm not informed much about American and other foreign banks, but here in The Netherlands it works the following:

    (Almost all) The banks over here use a kind of calculator device. You insert your pass into it. Your normal pass you use for withdrawal from ATM's....

    You type in your PIN code and hit 'OK'. On the website of the bank you have to type 2 things. Your account number and the key generated after you hit 'OK' on the device. This key is different every X seconds (I don't know the interval).

    This matches with the interval the bank has running. This combination of pass ID, PIN code, account number and the interval is key to have access. You need all of them to get in.

    The websites session times out after about 2 minutes when there is no action anymore.

    If you want to transfer money, you get another screen. You have to insert the number shown on the screen into the device. After you hit 'OK', another number is shown on the device, you type this in the inputbox of the website. After it is verified, the transfer will be processed.

    If the amount to fransfer is higher than X, you have to process 2 numbers on the device and submit the generated numbers on the website.

    This is all done on HTTPS and works with most browsers.

    I believe this is one of the most secure methods I can imagine. It is not flawless maybe, but it works and there is much needed to hijack information from the sessions. Without the device, the pass and the account number one can do nothing. Without the PIN you still go nowhere....

    The device is small, portable and lightweight. Internet cafe's, at the office, at HotSpots, anywhere you can use 'safe' banking this way. As long as the banks website is online and within reach (no stupid proxies or whatever).

    Just my view on banking online....