South African Skeptics

ABSA online banking security

Description: Just for show?
bluegray
« on: May 29, 2009, 14:52:42 PM »

When banking with ABSA online, you have the choice of doing it in a normal PC browser or through a mobile browser. The mobile site is optimized for a small screen and less bandwidth. But it would seem also with less "security".

On the normal PC browser site you are asked for your login details, which takes you to an additional page where you have to enter a few characters of an additional password, presumably an extra layer of security.
But if you go through the mobile site, the extra password is not necessary. All you need is your 5-digit PIN. The extra password security is only for show if you use a PC browser.

So ABSA expects fraudsters to only go through the PC site? This strikes me as very insecure. Shocked
Mefiante
« Reply #1 on: May 29, 2009, 16:36:38 PM »

On a related security matter, at least one of the big four SA banks has inadvertently compromised the security of five-digit PINs by disallowing those that have three or more of the same digit in a row, as well as certain other special combinations like sequential digits.  This means that about 3,000 PINs (of a possible 100,000) cannot be used at all, which reduces the potential search space and thus diminishes the security of valid PINs, even if only slightly.  It is understandable why the bank has excluded certain PINs, but I still think it was an ill-considered idea mandatorily to exclude them, rather than merely issuing a pamphlet giving guidelines on secure PIN selection.

'Luthon64

P.S.: Given that blazing new avatar, perhaps a name change is in order.  I propose “orangeredV”…  Tongue
johanvz
« Reply #2 on: May 30, 2009, 02:00:36 AM »

This is not only an ABSA problem. Standard Bank's mobile site also only requires the 5-digit pin. However, without access to my cellphone a criminal would only be able to view my account balance or pay one of my existing beneficiaries.

But, you have to wonder why they even bother with the additional password, as the mobile site can be accessed via a browser as well.
bluegray
« Reply #3 on: June 18, 2009, 14:06:15 PM »

Quote from johanvz: "But, you have to wonder why they even bother with the additional password, as the mobile site can be accessed via a browser as well."
Exactly. At the moment I use the mobile site - much less hassle to log in Tongue

@'Luthon
I didn't think people would notice Tongue
haoyouji12
« Reply #4 on: December 09, 2009, 16:34:18 PM »

Any more detail about "This means that about 3,000 PINs (of a possible 100,000) cannot be used at all" Huh?
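An added worked count, not written by any poster in this thread, of the PIN exclusion rule described in Reply #1 and asked about in Reply #4. It enumerates all five-digit PINs and tallies those with three or more identical digits in a row; the thread does not define the "sequential digits" rule, so `is_sequential` (a PIN that rises or falls by exactly one at every step) is an assumption, as are all function names.

```python
from itertools import product
from math import log2


def has_triple_run(pin: str) -> bool:
    """True if any digit occurs three or more times in a row (rule from Reply #1)."""
    return any(pin[i] == pin[i + 1] == pin[i + 2] for i in range(len(pin) - 2))


def is_sequential(pin: str) -> bool:
    """ASSUMED rule: every digit is exactly one above (or one below) the previous."""
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {-1})


def survey(length: int = 5) -> dict:
    """Enumerate every PIN of the given length and tally what the rules reject."""
    total = triple = sequential = excluded = 0
    for digits in product("0123456789", repeat=length):
        pin = "".join(digits)
        t, s = has_triple_run(pin), is_sequential(pin)
        total += 1
        triple += t
        sequential += s
        excluded += t or s  # count a PIN once even if both rules match
    allowed = total - excluded
    return {
        "total": total,
        "triple_run": triple,
        "sequential": sequential,
        "excluded": excluded,
        "allowed": allowed,
        # Entropy of a uniformly chosen PIN before and after the rules apply.
        "bits_before": log2(total),
        "bits_after": log2(allowed),
        # Chance that one blind guess is right, before and after.
        "single_guess_before": 1 / total,
        "single_guess_after": 1 / allowed,
    }


if __name__ == "__main__":
    for key, value in survey().items():
        print(f"{key:>20}: {value}")
```

Under these assumptions the two rules reject 2,812 of the 100,000 PINs, which costs about 0.04 of the roughly 16.6 bits available.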