Jump to content
MCF HangOut X Lexus – 9 May 2024, Lexus Boutique ×

Internet Banking

Neutrino

By Neutrino,
in Lite & EZ

 Share

Recommended Posts

Neutrino

Neutrino

Supercharged

When you transfer money by internet banking or pay a bill by internet banking, nowadays you have a dewberry or token or whatever the piece of kit is called which generates a number which has to be included in the transaction for the payment to go ahead.

 

How does this 'token' work.

 

How is the number generated and how is it verified by the bank???

↡ Advertisement
Link to post
Share on other sites
Kangadrool

Kangadrool

Supersonic

To me it functions like a "mind reader" [laugh] I wonder how it works too since there are so many tokens and accounts...... But, I do encounter some issues before when logging in due to synchronisation issues for OneKey token.

Link to post
Share on other sites
Jman888

Jman888

Moderator

To me it functions like a "mind reader" [laugh] I wonder how it works too since there are so many tokens and accounts...... But, I do encounter some issues before when logging in due to synchronisation issues for OneKey token.

 

 

yalor i also wonder how the machine can communicate with each other [laugh]

 

the interesting one is from HSBC, the token come in some kind of code which is not as direct as keying the number appear, really amazing. Anyway nothing new as it has been around for more than 10 years.

Link to post
Share on other sites
Vid

Vid

Hypersonic

When you transfer money by internet banking or pay a bill by internet banking, nowadays you have a dewberry or token or whatever the piece of kit is called which generates a number which has to be included in the transaction for the payment to go ahead.

 

How does this 'token' work.

 

How is the number generated and how is it verified by the bank???

 

Every token has a serial number that you have to register to link your account. Which is why only 1 token in the world will work with your account. The numbers are time generated so the bank system will know that you are the one using the token.

  • Praise 3
Link to post
Share on other sites
Thaiyotakamli

Thaiyotakamli

Supersonic

 

 

yalor i also wonder how the machine can communicate with each other [laugh]

 

the interesting one is from HSBC, the token come in some kind of code which is not as direct as keying the number appear, really amazing. Anyway nothing new as it has been around for more than 10 years.

Stanchart has token in their credit card last time, quite cool!

 

 

Anyway I am using uob Internet banking, use phone as token so I dont need to carry bank token, much more convenient

Link to post
Share on other sites
Kangadrool

Kangadrool

Supersonic

reckon there is a "formula" or various "formulas" to generate the code with the token's serial number.

 

 

 

Every token has a serial number that you have to register to link your account. Which is why only 1 token in the world will work with your account. The numbers are time generated so the bank system will know that you are the one using the token.

 


you will still need token to set up new payee, etc. Don't throw away that token. [laugh]

 

Stanchart has token in their credit card last time, quite cool!


Anyway I am using uob Internet banking, use phone as token so I dont need to carry bank token, much more convenient

 

  • Praise 1
Link to post
Share on other sites
Vid

Vid

Hypersonic

reckon there is a "formula" or various "formulas" to generate the code with the token's serial number.

 

 

 

 

Likely a combination of a 256bit key, serial number and time so hacking is virtually impossible.

Link to post
Share on other sites
Jman888

Jman888

Moderator

reckon there is a "formula" or various "formulas" to generate the code with the token's serial number.

 

 

 

you will still need token to set up new payee, etc. Don't throw away that token. [laugh]

 

 

 

 

no need token for UOB internet banking, even to set up new payee. i also dun like to carry any token around, hence only UOB is able to do that and i have stopped using the internet banking for the other banks.

Link to post
Share on other sites
Thaiyotakamli

Thaiyotakamli

Supersonic

reckon there is a "formula" or various "formulas" to generate the code with the token's serial number.

 

 

 

 

you will still need token to set up new payee, etc. Don't throw away that token. [laugh]

 

 

I put in drawer, dunno which drawer hahaha

Link to post
Share on other sites
Ictruall

Ictruall

5th Gear

When you transfer money by internet banking or pay a bill by internet banking, nowadays you have a dewberry or token or whatever the piece of kit is called which generates a number which has to be included in the transaction for the payment to go ahead.

 

How does this 'token' work.

 

How is the number generated and how is it verified by the bank???

too old to do these things.......just cheques or go to the counter and fill in form [laugh][laugh]

Link to post
Share on other sites
Neutrino

Neutrino

Supercharged
  • Author

 

Every token has a serial number that you have to register to link your account. Which is why only 1 token in the world will work with your account. The numbers are time generated so the bank system will know that you are the one using the token.

 

Thanks.

 

I always wondered how these tokens were able to work when used overseas.

Even UK they work with Sing banks.

Link to post
Share on other sites
Vid

Vid

Hypersonic

 

Thanks.

 

I always wondered how these tokens were able to work when used overseas.

Even UK they work with Sing banks.

 

It doesn't matter where you are. The token has an internal timer which will generate the correct PIN each time [sunny]

Link to post
Share on other sites
Sabian

Sabian

Turbocharged

 

Thanks.

 

I always wondered how these tokens were able to work when used overseas.

Even UK they work with Sing banks.

 

Your token is synchronized with the bank's authentication system.

 

It is assigned to you and tagged to your login ID.

 

If you have a RSA token, you'll see the 6 digit number there all the time and it keeps refreshing to a new set of numbers at a pre-determined time interval.

Link to post
Share on other sites
Adrianli

Adrianli

Hypersonic

Stanchart has token in their credit card last time, quite cool!

 

 

Anyway I am using uob Internet banking, use phone as token so I dont need to carry bank token, much more convenient

 

Yes. For my Standchart, my CC is the token. Amazing they can squeeze a battery, display n keypad into a flexible credit card.

 

 

For UOB, u better use the token when overseas. Cause the number sms to you takes some time and by the time u receive it, the website expire liao. Thatz what happened to me when I was in Japan. KNN the number took 30mins to reach me. My token one digit unable to display so was depending on phone. Came back SG, immediately went to UOB bank and changed my token.

Link to post
Share on other sites
Ben5266

Ben5266

Supercharged
(edited)

 

Likely a combination of a 256bit key, serial number and time so hacking is virtually impossible.

No. The token (SecurID) was hacked. The algo is known. Knowing the seed, algo and time, the attacker will be able to generate the number which matches the number generated in the back end server.

It is not not safe anymore.

Only the smartcard type is still safe.

 

Read this if you are interested.

http://arstechnica.com/security/2011/06/rsa-finally-comes-clean-securid-is-compromised/

Edited by Ben5266
Link to post
Share on other sites
Neutrino

Neutrino

Supercharged
  • Author

No. The token (SecurID) was hacked. The algo is known. Knowing the seed, algo and time, the attacker will be able to generate the number which matches the number generated in the back end server.

It is not not safe anymore.

Only the smartcard type is still safe.

 

Read this if you are interested.

http://arstechnica.com/security/2011/06/rsa-finally-comes-clean-securid-is-compromised/

 

That article is nearly 4 years old though.

Things must've changed since then?

↡ Advertisement
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...