Central Bank of Iran says use of one-time-password (OTP) has resulted in a significant drop in phishing and exposure of sensitive information about bank accounts.
Phishing cases in the last month of the previous fiscal year (Feb-March, 2020) were 85-90% less than the average number in the first quarter of the year, the CBI reported on its website.
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message or text message.
"CBI studies regarding the security of online payment gateways indicate an upside in total number of phishing attempts in the first three quarters of the previous fiscal year. However, a huge decrease was recorded in phishing in the fourth quarter (Jan-March 2020)."
In January and in a move to curb cybercrime related to debit card fraud and boost security of the rapidly growing online banking, the CBI instructed banks and credit institutions to offer OTPs to protect their clients' ID and bank accounts.
The one-time password, developed to address shortcomings of static passwords, is a code valid for a single login or online transaction on a computer system or other digital devices that gets discarded in 60 seconds.
This means that a potential intruder who manages to record an OTP that was already used to log into a service or make a transaction, will not be able to abuse it because it will no longer be valid.
The total number of phishing cases had recorded an annual increase of 400% in the first three months of the previous year.
Experts had been expecting a sharp decline in the number of online transactions after the implementation of the CBI plan because it would make the process complicated for cardholders.
However, a monthly report published by Shaparak Company, the body in charge of supervising national electronic payments, does not show significant decline in the total online transactions in the first two months of OTP implementation (Jan 20 to March 19.)
Moreover, the coronavirus pandemic has given a big boost to online banking by the general public as most prefer to stay away from banks and ATM machines available at every nook and corner in all major urban areas in the country.
