How the OTP system for Bank transactions is bypassed

Posted on December 13, 2012 by Vijayashankar Na

Dec 7: The commercial banks in India have banked heavily on the two factor system where the OTP sent through a mobile is used to authenticate the password based access. Some Banks like SBI and ICICI Bank even tried to convince the RBI that this two factor authentication should be given a legal sanction. Now this case study explains how the new variants of Zeus Virus is used to defeat the two factor authentication with the use of a mobile.  Named as “Eurograbber” this virus is reported to have been used for defrauding over 30000 bank customers across EU to the tune of around 36 million Euros. This also represents the risk that Indian Banks are facing. It is anybody’s guess if the Indian Banking system can survive such an attack. If such a damage occurs, Indian economy will be in shambles not withstanding any of the other efforts of the GOI.  Case Study

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Bank, Information Assurance and tagged , , , , . Bookmark the permalink.

One Response to How the OTP system for Bank transactions is bypassed

  1. surendra rai says:
    December 20, 2012 at 4:49 pm

    Good article. ON the same way 7 customers of SBI have been cheated bypassing OTP system and fraud internet purchase was done . These customers do not have internet banking facility and also their mobile was not registered with Bank.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.