CS DirectNet: SMS Security

Credit Suisse is introducing a new security authentication based on SMS to mobile phones:

https://www.credit-suisse.com/ch/pri...heit/index.jsp

I'm wondering if anyone here can give us feedback on this new functionality.

Not sure what kind of feedback you're looking for, but I'm using it and find it much better than the old system. I always have my handy nearby and don't have to remember to bring an extra item just to be able to log in.

Thanks CS.

OK, so they just replaced the SecurID token with SMS.

Did you use it when you were abroad (outside Switzerland)?

SMS authorization sounds great and I know someone who is happily using it.

However, this might not prevent the "man in the browser" vulnerability. http://en.wikipedia.org/wiki/Man_in_the_Browser

Banque Cantonale Vaudoise has been doing that for some time. Their alternative system is a grid card, with numbers you read off to fill in a blank on the Web login: not very secure if your card is compromised.

Credit Suisse just sent me a new SecurID to replace a broken one, perhaps because I have a foreign address. I also have a Natel number but they didn't have it.

HSBC UK use a mobile (or fixed line) phone callback to confirm online foreign remittance instructions. Their computer reads off a number which you then fill in on the computer screen. Since their login system isn't all that secure (you are asked for 3 out of 7 or 8 numbers in your PIN) I think that's a good idea. I think Citibank in the USA do that as well.

Any browser-based e-banking is vulnerable to browser hacks.

I use the PostFinance Java client, together with a smart-card reader.

Migros Bank supply a special USB stick with a dedicated "hardened" browser.

http://www.migrosbank.ch/de/Ueberuns...bschluss09.htm (in German)

http://www.migrosbank.ch/fr/Ueberuns...bschluss09.htm (in French)