Postbank wants to put a stop to Internet fraud. In recent months, wave after wave of criminals have tried to obtain transaction numbers (TAN) from those doing online banking. A stop is to be put to this. As the first large bank, Postbank is introducing the so-called indexed transaction number (iTAN). It has the following advantage. Previously the bank accepted any TAN from the list. As of now, it requires the customer to use a specific TAN. Even if the fraudster obtains this iTAN, it is without value. For the bank computer demands another iTAN the next time an online booking is made. Of course, Postbank customers may still not divulge their data should fraudsters ask them to do so. Banks never request customers to enter personal data on an unsecure site. What is more, Postbank urges the deployment of virus scanners and a firewall, as well as the use of operating system updates to prevent Trojans.

Mobile TAN extended
As of now, the mobile TAN (mTAN), used in the Retail portal “Postbank direct” since 2003, can be used in classical online banking. The mTAN offers a high degree of flexibility and the highest levels of protection against fraudsters. Only when the order is released is the mTAN generated by online banking and sent to the customer via a text message. The mTAN is valid only for the requested transfer and only for a short period. It thus has no value for a fraudster.

Further security functions
What is new is a transfer limit which can be lowered individually. Previously there was a top amount of EUR 3000 per transfer. Now each customer can set his or her own limit and change it at any time. New TAN lists which the customer receives by post only apply after activation. In online banking, a TAN for the old list is used to activate the new list. This activation requirement excludes the risk of delivery by post. Also new is the fact that the security status in online banking can be displayed at any time. At one glance, the customer can see when he or she last accessed the account, how many TANs are still available and which services were activated.

How iTAN functions
Previously online banking orders were made on the basis of any TAN from a list of 100 TANs. Now online banking demands a specific TAN from the list, for example, TAN with the number 70. Only this indexed TAN is valid for this transaction. No other TAN works. This foils the phisher attempts to trick customers with forged e-mails into divulging their TANs. A person attempting to initiate a fraudulent transfer with a stolen TAN is now thwarted by the secure iTAN method.

Successively all online customers are to be automatically sent new TAN lists. With each TAN list a brochure is enclosed explaining the new method in detail. Until the new TAN lists have been sent, the old TAN lists can be used in the normal manner. Those who do not want to wait can request the new TAN lists. To do this, in Online Banking select “Settings”, “Order new TAN list”. There is no fee for this conversion. This changeover does not impact the customer’s online PINs.