Subscribe
Sectors
Companies

One-time PINs a 'resounding success'

By Christelle du Toit, ITWeb senior journalist
Johannesburg, 24 Aug 2007

The one-time PIN (OTP) has proved to be successful in preventing online fraud in SA.

This is according to Standard Bank head of IT security Pat Pather, who says the bank is pleased with the impact the security measure has had on curbing online phishing attacks.

"Since introducing the OTP, we have had no instances in terms of losses from online fraud and we have about 600 000 Internet banking customers," says Pather.

Standard Bank's OTPs expire within 15 minutes of being issued, in a bid to further prevent fraud from occurring.

Pather says the bank is moving away from providing OTPs via e-mail, as the machine receiving the mail is usually the one that has already been compromised.

Furthermore, he says the bank's research indicates cellphones have become "part and parcel" of South African culture. Most people have their phones with them at all times and can easily access the OTP in this way, he notes.

People generally report a missing cellphone within 30 minutes of losing it. This means fraudsters stealing a phone for an OTP have a short window of opportunity to commit the crime.

The bank wants to introduce events-based cards that generate random access codes every 37 seconds. However, it is still investigating ways of reducing the cost of such cards.

Secure alternative

Most of the big banks in SA tout the use of cellphone banking technology as a safe mode of electronic banking.

Absa spokesman Deon Oosthuizen says Absa was the first to introduce OTPs in SA in 2003. He notes these have had a "significantly favourable impact" on curbing fraud occurrences. In addition, the bank provides anti-virus software to load on Internet-enabled cellphones to further protect its customers.

Nedbank head of virtual channels Lee Albertyn maintains Nedbank was in fact the first, in 2002, to offer an OTP facility, where certain transactions require a PIN that has been sent to the relevant Internet banking client.

He says the bank advises its clients to avoid Internet caf'es and other public terminals "and to use other channels, such as cellphone banking, as a secure alternative".

First National Bank was not available for comment at the time of publication.

Related stories:
Keep track of cellphones
Telkom signs R225m 2010 deal

Share