• Business And Markets

    OTP Reduces Phishing by 85%

    Shaparak Company, the Central Bank of Iran affiliated company supervising the domestic e-payment network, recorded 85% decline in phishing cases since the implementation of the mandatory one-time password for bank cards. 

    "However, hackers are busy with new schemes and tricks to deceive the people and steal their bank information…We need to work more on raising public awareness about new fraud methods as hackers abuse the lack of cardholders' awareness in financial cybercrime," Kazem Dehqan was quoted as saying by IBENA. 

    To curb cybercrime related to debit card fraud and boost security of online banking, the CBI last year instructed banks and credit institutions to adopt OTPs to protect their clients ID and banking information.

    OTP, created to address shortcomings of static passwords, is a code valid for a single login or online transaction on a computer system or other digital devices that is invalidated in 60 seconds.

    In short, a potential intruder who manages to record an OTP that was already used to log into a service or make a transaction, will not be able to abuse it.

    In an update, the Central Bank of Iran on Monday denied rumors about the possibility of hacking OTPs. 

    "The CBI has taken steps to protect the people against cybercrime and phishings; however, this does not necessarily mean that bank accounts are completely safe. Therefore account holders need to exercise caution when using online tools," it said in a press release.

    "There are reports that users have granted complete access to their smart phones to hackers," the press statement noted. 

    The CBI called on the public to be cautious about links sent by fake users that steal OTPs after users click without being aware of the functions of the links. 

    The key benefit of OTP is that unlike static passwords it is not vulnerable to repeat attacks and is more secure than a static password, especially a user-created password, which may be weak or reused across multiple accounts. 

    The regulator made OTP compulsory for online transactions amid unprecedented increase in debit card fraud and illegal withdrawals from bank accounts.  Phishing cases had recorded an annual increase of 400% in the first three months of last  year (2019-20). 

    Before implementing OTP, phishing attacks accounted for 65% of cybercrime in Iran. More than 23,000 cases of fraud were registered by the Tehran Cyber Police in nine months before the launching of OTP.