Dr. Security gives tips and answers questions related to cyber security. This time it's about the security of payments via eBanking.
Dear Dr. Security, when I am making an online eBanking transaction, sometimes my bank sends me an SMS message with transaction details and a code I have to enter in the browser. Is this for security reasons? (Doreen, Altstetten Zurich)
That is a very interesting question that will require a short explanation on what happens when you make a transaction in your eBanking. First, when you enter the amount you want to pay to someone in your eBanking, the bank checks for a number of parameters to classify the transaction as normal or potentially fraudulent. For example, every time you send money to a new recipient, or you make a bank transfer of a large amount, the system flags this particular transaction as to be additionally checked. To check that this transaction really comes from you, and the information is correct, the bank sends you a message containing the amount and beneficiary of the transaction together with a code that uniquely identifies this particular transaction.
The SMS you mentioned is one way of performing this transaction check: It uses a different communication channel to you from the eBanking one, and it asks you to verify the details of the transaction. Entering the unique code into the browser gives the bank the guarantee that you are ok with this transaction. It's important to check the details in the SMS when this happens. Unfortunately, SMS are not considered as secure anymore because criminals can intercept and modify them, posing a great risk.
At Futurae, we offer modular transaction confirmation solutions that are secure, easy to use, and reliable. You can confirm the transaction details in a secure app on your smartphone with a simple click of a button combined with the fingerprint or the faceID of your phone. For you, as a user, this is more convenient: you don't have to type any code into the web browser anymore. For the banks, this offers higher security than other solutions.
By the way, the same applies when you make a credit card purchase online. Futurae transaction confirmation solutions work both for eBanking as well as for credit card payments. You can see in these screenshots how it looks to approve eBanking as well as Credit Card payments using the Futurae mobile app, or a mobile banking secure app that uses the Futurae SDK and back-end.
I hope this explain better what happens when you next time make online payments. Don't hesitate to get in touch with me again.
Best, your Doc
I am happy to answer your questions, so do not hesitate to write to the Doctor at: email@example.com.