[Dshield] ID theft ring hits 50 banks, firm says

Tony Earnshaw tonye at billy.demon.nl
Tue Aug 9 17:55:40 GMT 2005

tir, 09.08.2005 kl. 16.58 skrev Johannes B. Ullrich:

> > they use a machine-based (I get a credit-card sized
> > but thicker "calculator", at no cost to me) one-time challenge/response
> > protocol over https for admission to Internet users' accounts and a
> > separate challenge/response, once "inside" that account, for any
> > transaction attempted.
> True. ING does not use one time passwords in the US. Only in Europe.
> I yet have to figure out why. But in Europe, one time passwords are the
> norm.

Not so; I live in The Netherlands (sic), the home of ING Bank and where
I use my calculator. 

Same with all other banks in The Netherlands, one-time passwords have
never been used since i started Internet banking around five years ago
and with others I know (customers of mine) over ten years ago.

Previously you mentioned one-time passwords in connection with Germany.
Germany is not Holland.


mail: tonye at billy.demon.nl

More information about the list mailing list