The German retail bank Postbank AG, one of the country’s largest consumer banks, has announced a new plan to prevent phishers from capturing and misusing transaction numbers required of customers making money transfers through online banking.
About 15% (1.7 million) of Postbank’s 11 million customers have online banking accounts.
The bank was the victim of a major phishing attack last year. These attacks use phony e-mail and fraudulent Web sites to trick recipients into entering personal financial data such as credit card numbers, account user names, and passwords.
“Phishing,” also called “carding” or “spoofing,” is a high-tech scam that uses e-mail spam to trick consumers into giving out personal information such as credit card numbers, bank account information, or Social Security numbers. The stolen information is then used to steal money or commit identity theft.
“Phishers” will commonly copy a Web page from a popular site, such as an Internet service provider or a financial services company, and set up a replica page that appears to be a part of the company’s actual site. Then they will send an email to unsuspecting consumers containing a link to the replica page and ask them for personal information.
Once the consumer enters the data and submits the form, the scammer has all of their information and the user has no idea that a scam even occurred until it is too late. It is estimated that between 1% and 20% of these scams actually succeed.
Phishing attacks are on the rise and consumers should be extremely careful to avoid this scam. If you receive an email that asks you to click on a link and enter you’re billing information in order to prevent your account from being closed or to “update” your information, do not reply or click on the link.
Companies doing business over the internet will never ask for personal information without properly identifying themselves. Emails that are generic and which are not addressed to you by name are likely to be bogus and should never be opened.
Consumers should immediately contact the “real” company by using a legitimate telephone number or interactive website once a scam is detected or even suspected in order to report the problem.
Post bank will be the first bank in Germany to offer "indexed" transaction numbers, or iTANs. Currently, Postbank customers are required to type in their PIN (personal identification number) followed by a TAN from a list provided by the bank when transferring money electronically from their account to another.
In Germany, most banks providing online services operate with this PIN-TAN combination service.
With the new iTAN service, online customers are told by the computer which TAN to use, and only that TAN will then allow them to complete the transaction. Alongside each five-digit TAN appears an index number, which the computer uses to point customers to the specific TAN that must be used for that particular transaction.
As an additional precaution, Postbank customers can set a limit on the amount of money that can be transferred from their accounts online.