Germany's Commerzbank has deployed technology from UK vendor Cronto that enables online banking customers to authenticate transactions by taking a photo of their PC screens with their mobile phones.
Commerzbank is offering the Cronto Visual Transaction Signing system to selected customers to secure verification of funds transfer instructions. It will be the first bank to deploy the technology, which was originally developed at the University of Cambridge.
When a customer signs in to bank online or makes a transaction, they are presented with a unique graphical cryptogram consisting of a matrix of coloured dots displayed on their PC screen.
The customer then takes a photo of the image on the screen using their mobile phone. Cronto's photoTAN software - downloaded into the customer's phone - is then used to authenticate the transaction.
Critical transaction information, such as payment details, is displayed on the phone's screen to confirm it has not been tampered with. An authentication code is then generated and passed back to the bank's server to complete the transaction.
Cronto says its technology eliminates the inconvenience of entering transaction details manually into separate authentication devices.
In addition, by removing the need to re-key information, it offers a far higher level of security than traditional external authenticator-based offerings, which are open to man-in-the-middle attacks in which criminals can potentially trick customers into entering the wrong information into their devices.
Kai Buchholz-Stepputtis, head, security consulting and research, Commerzbank, says: "Cronto's innovative solution based on the unique Visual Cryptogram offers protection against the most sophisticated fraud techniques such as 'Man-in-the-Browser' Trojans."
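The flow described above (bank-issued cryptogram, details shown on the phone, authentication code returned to the bank) can be sketched as follows. This is an added example, not Cronto's or Commerzbank's code, and it does not reproduce the actual cryptogram format or algorithm, which the article does not describe. It assumes a per-device secret shared at enrolment and HMAC-SHA256; all function names and account values are constructed.

```python
import hashlib, hmac, json, secrets

# Assumption: a per-device secret shared with the bank at enrolment.
DEVICE_KEY = secrets.token_bytes(32)

def mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def bank_make_cryptogram(key, txn):
    """Bank: bind the transaction it received to a fresh nonce and authenticate it."""
    payload = json.dumps({"nonce": secrets.token_hex(8), "txn": txn},
                         sort_keys=True).encode()
    return payload + mac(key, b"cryptogram", payload)

def phone_read_cryptogram(key, blob):
    """Phone: accept only data issued by the bank, then show it to the customer."""
    payload, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, mac(key, b"cryptogram", payload)):
        raise ValueError("cryptogram was not issued by the bank or was altered")
    return json.loads(payload)

def auth_code(key, shown):
    """Phone: derive a 6-digit code from exactly what was displayed."""
    data = json.dumps(shown, sort_keys=True).encode()
    return f"{int.from_bytes(mac(key, b'code', data)[:4], 'big') % 10**6:06d}"

def bank_verify(key, blob, code):
    """Bank: recompute the code over the transaction it is about to execute."""
    return hmac.compare_digest(auth_code(key, phone_read_cryptogram(key, blob)), code)

if __name__ == "__main__":
    intended = {"payee": "DE00 CONSTRUCTED 0001", "amount": "250.00", "currency": "EUR"}
    # Constructed scenario: browser malware rewrites the payee before the bank sees it.
    received = dict(intended, payee="DE00 CONSTRUCTED 9999")
    shown = phone_read_cryptogram(DEVICE_KEY, bank_make_cryptogram(DEVICE_KEY, received))
    print("phone displays:", shown["txn"])
    print("matches what the customer intended:", shown["txn"] == intended)
```

Because the phone displays what the bank actually received, a payee changed in the browser shows up on the phone before any code is released, and a code derived for one transaction does not verify against another.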