Neutrino Supercharged March 18, 2015 Share March 18, 2015 When you transfer money by internet banking or pay a bill by internet banking, nowadays you have a dewberry or token or whatever the piece of kit is called which generates a number which has to be included in the transaction for the payment to go ahead. How does this 'token' work. How is the number generated and how is it verified by the bank??? ↡ Advertisement Link to post Share on other sites More sharing options...
Kangadrool Supersonic March 18, 2015 Share March 18, 2015 To me it functions like a "mind reader" I wonder how it works too since there are so many tokens and accounts...... But, I do encounter some issues before when logging in due to synchronisation issues for OneKey token. Link to post Share on other sites More sharing options...
Jman888 Moderator March 18, 2015 Share March 18, 2015 To me it functions like a "mind reader" I wonder how it works too since there are so many tokens and accounts...... But, I do encounter some issues before when logging in due to synchronisation issues for OneKey token. yalor i also wonder how the machine can communicate with each other the interesting one is from HSBC, the token come in some kind of code which is not as direct as keying the number appear, really amazing. Anyway nothing new as it has been around for more than 10 years. Link to post Share on other sites More sharing options...
Vid Hypersonic March 18, 2015 Share March 18, 2015 When you transfer money by internet banking or pay a bill by internet banking, nowadays you have a dewberry or token or whatever the piece of kit is called which generates a number which has to be included in the transaction for the payment to go ahead. How does this 'token' work. How is the number generated and how is it verified by the bank??? Every token has a serial number that you have to register to link your account. Which is why only 1 token in the world will work with your account. The numbers are time generated so the bank system will know that you are the one using the token. 3 Link to post Share on other sites More sharing options...
Thaiyotakamli Supersonic March 18, 2015 Share March 18, 2015 yalor i also wonder how the machine can communicate with each other the interesting one is from HSBC, the token come in some kind of code which is not as direct as keying the number appear, really amazing. Anyway nothing new as it has been around for more than 10 years. Stanchart has token in their credit card last time, quite cool! Anyway I am using uob Internet banking, use phone as token so I dont need to carry bank token, much more convenient Link to post Share on other sites More sharing options...
Kangadrool Supersonic March 18, 2015 Share March 18, 2015 reckon there is a "formula" or various "formulas" to generate the code with the token's serial number. Every token has a serial number that you have to register to link your account. Which is why only 1 token in the world will work with your account. The numbers are time generated so the bank system will know that you are the one using the token. you will still need token to set up new payee, etc. Don't throw away that token. Stanchart has token in their credit card last time, quite cool!Anyway I am using uob Internet banking, use phone as token so I dont need to carry bank token, much more convenient 1 Link to post Share on other sites More sharing options...
Vid Hypersonic March 18, 2015 Share March 18, 2015 reckon there is a "formula" or various "formulas" to generate the code with the token's serial number. Likely a combination of a 256bit key, serial number and time so hacking is virtually impossible. Link to post Share on other sites More sharing options...
Jman888 Moderator March 18, 2015 Share March 18, 2015 reckon there is a "formula" or various "formulas" to generate the code with the token's serial number. you will still need token to set up new payee, etc. Don't throw away that token. no need token for UOB internet banking, even to set up new payee. i also dun like to carry any token around, hence only UOB is able to do that and i have stopped using the internet banking for the other banks. Link to post Share on other sites More sharing options...
Thaiyotakamli Supersonic March 18, 2015 Share March 18, 2015 reckon there is a "formula" or various "formulas" to generate the code with the token's serial number. you will still need token to set up new payee, etc. Don't throw away that token. I put in drawer, dunno which drawer hahaha Link to post Share on other sites More sharing options...
Ender Hypersonic March 18, 2015 Share March 18, 2015 Token is our modern days 生辰八字 . The things that happen in life is reduce to a 6 digit number. Link to post Share on other sites More sharing options...
Ictruall 5th Gear March 18, 2015 Share March 18, 2015 When you transfer money by internet banking or pay a bill by internet banking, nowadays you have a dewberry or token or whatever the piece of kit is called which generates a number which has to be included in the transaction for the payment to go ahead. How does this 'token' work. How is the number generated and how is it verified by the bank??? too old to do these things.......just cheques or go to the counter and fill in form Link to post Share on other sites More sharing options...
Neutrino Supercharged March 18, 2015 Author Share March 18, 2015 Every token has a serial number that you have to register to link your account. Which is why only 1 token in the world will work with your account. The numbers are time generated so the bank system will know that you are the one using the token. Thanks. I always wondered how these tokens were able to work when used overseas. Even UK they work with Sing banks. Link to post Share on other sites More sharing options...
Duckduck Turbocharged March 18, 2015 Share March 18, 2015 prob unique serial with typical cryptographic has function... MD5 etc etc Link to post Share on other sites More sharing options...
Vid Hypersonic March 18, 2015 Share March 18, 2015 Thanks. I always wondered how these tokens were able to work when used overseas. Even UK they work with Sing banks. It doesn't matter where you are. The token has an internal timer which will generate the correct PIN each time Link to post Share on other sites More sharing options...
Sabian Turbocharged March 18, 2015 Share March 18, 2015 Thanks. I always wondered how these tokens were able to work when used overseas. Even UK they work with Sing banks. Your token is synchronized with the bank's authentication system. It is assigned to you and tagged to your login ID. If you have a RSA token, you'll see the 6 digit number there all the time and it keeps refreshing to a new set of numbers at a pre-determined time interval. Link to post Share on other sites More sharing options...
Adrianli Hypersonic March 18, 2015 Share March 18, 2015 Stanchart has token in their credit card last time, quite cool! Anyway I am using uob Internet banking, use phone as token so I dont need to carry bank token, much more convenient Yes. For my Standchart, my CC is the token. Amazing they can squeeze a battery, display n keypad into a flexible credit card. For UOB, u better use the token when overseas. Cause the number sms to you takes some time and by the time u receive it, the website expire liao. Thatz what happened to me when I was in Japan. KNN the number took 30mins to reach me. My token one digit unable to display so was depending on phone. Came back SG, immediately went to UOB bank and changed my token. Link to post Share on other sites More sharing options...
Ben5266 Supercharged March 18, 2015 Share March 18, 2015 (edited) Likely a combination of a 256bit key, serial number and time so hacking is virtually impossible. No. The token (SecurID) was hacked. The algo is known. Knowing the seed, algo and time, the attacker will be able to generate the number which matches the number generated in the back end server. It is not not safe anymore. Only the smartcard type is still safe. Read this if you are interested. http://arstechnica.com/security/2011/06/rsa-finally-comes-clean-securid-is-compromised/ Edited March 18, 2015 by Ben5266 Link to post Share on other sites More sharing options...
Neutrino Supercharged March 18, 2015 Author Share March 18, 2015 No. The token (SecurID) was hacked. The algo is known. Knowing the seed, algo and time, the attacker will be able to generate the number which matches the number generated in the back end server. It is not not safe anymore. Only the smartcard type is still safe. Read this if you are interested. http://arstechnica.com/security/2011/06/rsa-finally-comes-clean-securid-is-compromised/ That article is nearly 4 years old though. Things must've changed since then? ↡ Advertisement Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In NowRelated Discussions
Related Discussions
Websites of Singapore public hospitals, polyclinics down due to 'internet access disruption'
Websites of Singapore public hospitals, polyclinics down due to 'internet access disruption'
MyRepublic Vs Whizzcomms
MyRepublic Vs Whizzcomms
Paynow
Paynow
OCBC internet banking down?
OCBC internet banking down?
M1 fiber broadband down? 21 Dec 2020
M1 fiber broadband down? 21 Dec 2020
Huge part of internet down
Huge part of internet down
Hyflux RPCS aka Securities
Hyflux RPCS aka Securities
End of Internet Explorer
End of Internet Explorer