Almost a year after the Central Bank of Iran announced the one-time password (OTP) compulsory, the payment regulator says the move has significantly reduced phishing and suspicious transactions.
CBI data indicates that "suspicious transactions" declined more than 85% during the course of one year since the OTP camde into force, the Monetary and Banking Research Institute news agency, IBENA, reported. It said the move was "a big success for the CBI and the banking industry in fighting internet fraud.”
To curb cybercrime related to debit card fraud and boost the security of online banking, the CBI last year instructed banks and credit institutions to offer OTP service to protect clients' ID and bank account data.
OTP, developed to address shortcomings of static passwords, is a code valid for a single login or online transaction on a computer system or other digital devices that is invalidated in 60 seconds.
In short, a potential intruder who manages to record an OTP that was already used to log into a service or make a transaction, will not be able to abuse it because it.
The crucial role of OTP is that unlike static passwords, it is not vulnerable to repeat attacks and is more secure than a static password, especially a user-created password, which may be weak or reused across multiple accounts.
The regulator made OTP compulsory for online transactions amid unprecedented increase in the number of debit card fraud and illegal withdrawals from bank accounts. Phishing cases had recorded an annual increase of 400% in the first three months of the previous year (2019-20).
Before implementing OTP, phishing attacks accounted for 65% of cybercrime in Iran. More than 23,000 cases of fraud were registered only by the Tehran cyber police in the nine months before the OTP.
