Static Debit Card Passwords Expire Dec 22
EghtesadOnline: With the launch of one-time password for debit cards on December 22, all static passwords will be deactivated, the vice central bank governor for innovative technologies, said.
Mehran Moharamian said grounds are paved for launching the OTP by the beginning of the next calendar month on Dec. 22, and banks are informing customers about the plan, IBENA reported.
Earlier in the month the Central Bank of Iran announced a deadline based on which using the OTP would be obligatory for all non-card transactions from Dec. 22.
The CBI said banks and credit institutions are ready to offer OTP services, asking customers to activate the service before the deadline expires, Financial Tribune reported.
With the mandatory deadline approaching, there are far too many bank customers concerned about how the system will take effect.
In the meantime banks have started sending text messages inviting customers to activate OTP for their debit cards by installing a special application on their smart phones.
This is while most clients have accounts in more than one bank and obliging them to install multiple e-bank software would be one more hassle.
Moreover, there are clients who don’t have smart phones to run the application or simply cannot use the application.
To address these concerns, Moharamian said the CBI has developed a centralized system, dubbed Harim, for offering OTP via the short message service (SMS). The system would enable all customers to use OTP services.
Moharamian added that banks have not yet connected to the CBI’s new system, saying the platform will be up and running before the deadline.
This is while, observers say offering OTP via SMS platform will pose security risks while also overburdening the telecommunication network.
The one-time password, developed to address shortcomings of static passwords, is a code valid for a single login or online transaction on a computer system or other digital devices that gets discarded in 60 seconds.
This means that a potential intruder who manages to record an OTP that was already used to log into a service or make a transaction, will not be able to abuse it because it will no longer be valid.
The crucial role of OTPs is that unlike static passwords, they are not vulnerable to replay attacks. An OTP is more secure than a static password, especially a user-created password, which may be weak or reused across multiple accounts.