Internet Banking in Germany

This page provides information about internet banking facilities and explains different options and security mechanism for online banking in Germany

Almost to access the checking account anywhere, anytime, is no longer a wishful thinking, but one of the pleasures of a largely mechanized world. Whether it is rather a blessing or a curse to be able to manage the financial affairs even in his pants pocket, is another question. The possibility exists anyway. On the whole, bank customers have three options to gain an overview, make reservations or reallocate the vault: the website of the bank or financial software applications, known as apps, for smart and iPhones.

Different options for Internet banking in Germany

1. Banks website

The classic and most important access route to the consumer online banking is the website of the financial institution. Sign in with by customer or account number and personal identification number to open the portals. Usually they offer on the home page an overview of the products and list the account respectively depot stands on. From here you can then call and initiate transactions from the transfer, fund the purchase different areas of the portal. In this regard, each bank uses its own system. For savers, the customer are the same at several banks, this means that you need to remember a lot of numbers and work into each portal. This is the classic online banking very safe and very comfortable solved in most companies.

2. Apps for mobile phones

Although one could also easily access the sites with any smart phone to take a look at the finances. Since the portals but are generally designed for large monitors, the banks have provided for replacement. Many companies offer their customers free applications that simply need to be loaded only on the iPhone or smartphone. Are the apps called open specially developed for the mobile Internet portals, such as requiring the “big brothers” in a log. The functionality varies from bank to bank. Make sense of the applications but usually only when really a transfer must be carried out urgently, you travel a lot and did not have a notebook on hand or for users who are constantly in terms of securities must be up to date in order to react in due time .

3. Banking software

Option number three in online banking is developed for this purpose financial software. The programs are offered by several manufacturers, but have enforced a few fee-based products. Sometimes banks offer their customers more favorable or completely free licenses if they opt for the method HBCI (Home Banking Computer Interface). This variant is regarded as currently the safest banking method. Users of the software will also benefit from uniform masks, which are the same for each bank – that is ideal for customers who have the money account at Bank A, the current account at Bank B and Bank C at the depot.

Safety mechanisms

Security for online banking over everything. For banks, that is, in the first place: Prevent others from accessing accounts. While the employees check in the stores based on the bank card and passport, whom they have the right to leave and approve each transaction by signing it online requires different mechanisms. Enforced has it the so-called PIN / TAN system. The personal identification number (PIN), the door opens and the transaction number (TAN) replaces the signature.

1.  Personal Identification Number (PIN)

In order to ever get access to banking portal, two pieces of information are required: the account or customer number and PIN, or a client password. The PIN takes on the role of quasi doorman. Customize account and identification number together, the door remains closed. If you try it several times and are always a wrong PIN, push some banks in addition a stop to. Then goes without consultation with the bank nothing. Only when the personal identification number is correct, it goes one step further. The PIN is provided by opening the account. Direct and branch banks send the PIN number on that in a separate letter. In part, the personal identification number can later change so that you can better remember the sequence of digits.

2.  Transaction numbers (TAN)

On the sides of the bank are then available to users on any path. However, they are provided with an additional safety lock. Whether a transfer executed, set up a standing order, made a change or the address is to be changed: Each transaction must be confirmed with a transaction number, a multi-digit number code. In the early days, the banks worked with TAN blocks with 50 or 100 transaction numbers. Where: Each number may only be used once and then loses its validity. Meanwhile, the TAN method has been improved several times. The TAN were numbered. Instead of having to select any transaction code to the bank stipulates explicitly that must be entered TAN. This is especially the phishing of finishing off to be made. Even more safety promise electronically calculated transaction numbers for a TAN generator is needed, and TAN, will be sent by SMS.

Security

The PIN / TAN system, however, is only safe if the customers to play by the rules. The personal identification number must not be publicly accessible and, for example, lying on the desk. The same applies to the TAN. PIN and transaction numbers should always be SEPA

3.  ITAN / ITAN PLUS

The classic TAN procedure in which bank customers can select any transaction number from a TAN list to confirm transfers or standing orders, already considered to be relatively safe. Weaknesses are phishing attacks, where fraudsters swindle the access to the checking account, including transaction numbers by email or fake bank sites and so-called man-in-the-middle attacks, in which chop the culprit in the system and transfer data in the background exchange. To close these gaps, the TAN method has been further improved. The result is iTAN and iTAN Plus.

The “i” in iTAN is indexed. Therefore, one also speaks of indexed TAN procedure. The difference with the previous approach is that the transaction numbers not just listed, but are also provided with item numbers. The customer receives a numbered TAN list. Instead of a random transaction number to pick from the list, the Bank is now explicitly available, with TAN which the process must be verified. Accepted in the booking and confirmation mask the transaction number is 37 requires that leads to the TAN index number 27 in an error message. Consequence: The booking is not running. If you have fallen for a phishing email and have access to the next also revealed some TAN, should the perpetrators have been very lucky that exactly this transaction numbers are required. But still man-in-the-middle attacks are possible.

THE ITAN PLUS PROCESS

In order to overcome this shortcoming also, some banks even go a step further and use the iTAN Plus process. The basis is the iTAN method with the indexed TAN list. As a plus is added an image control, a so-called Captcha. Before the customer enters the desired transaction number, he can control the image on the details of the transfer once again in peace. The captcha shows all transaction data and also the birth of the customer. Since scammers usually do not know when an account holder’s birthday, incorrect data would immediately notice. It is therefore almost impossible to fake the check image to redirect a transaction to another account. Disadvantage of the spelling is their readability. The normal entry requirement is the iTAN is visually easier to grasp, since it is plain text. For this, the control image provides the security and data thieves makes life extremely difficult.

4.  ONLINE BANKING WITH ETAN AND ETAN PLUS

The lists and blocks of transaction numbers will be obsolete by the eTAN and eTAN Plus process. In its place technology in the form of a TAN generator or a card reader. For bank customers, this means that you no longer need to handle labels with full numerical codes, but only need a small box, which is reminiscent of a calculator and provided by the Bank.

THE METHOD ETAN

In the simplest variant, in these devices is a TAN generator. Once a transaction is to be executed, such as a transfer, the bank’s system generates a control number and displays it online. This sequence of digits must be entered and confirmed in the TAN generator. The device then determines a transaction number which the reservation will be released. The system is very safe. Fraudsters who want to go with phishing e-mails to the bank and access, have no chance, because the transaction number is valid only with the appropriate check digit. However, the data traffic between the bank and the customer can be intercepted as before and the transfer will be forwarded to (man-in-the-middle attack).

THE ETAN PLUS PROCESS

This risk is largely off the eTAN Plus process. To the TAN generator is added to a card reader function. If the customer wants to transfer money or set up a standing order, the bank card must be inserted into the reader. As with eTAN method requires the TAN generator data so that it can work. Also here is a control number. Many systems require, moreover, that in addition the account number of the payee is entered. This information and data stored on the bank card-keys are the basis for calculating the transaction number. The fact that the account number flows with the TAN, are man-in-the-Middelburg attacks as well as phishing attempts Washed assigned.

Store the TAN generator safely

However, should thieves come into possession of the generator or the card reader and the bank card, they can still make transfers. Therefore, the equipment should be kept as safe as possible. Especially with pure TAN generators already rich the access to online banking (customer or account number and personal identification number) to vacate the checking account is empty.

5. CHIP-TAN PROCEDURE

The chip-TAN procedure constitutes a development of the electronic TAN procedure (eTAN) and provides even more security for online banking. What is needed is a special TAN generator that can read the data from the chip on the card not only but is also able to detect and evaluate animated graphics. This combination of map data and the generated code of the bank fraudsters can bite on granite. Neither phishing or trojan that redirect transfer orders to other accounts here have a chance.

ANIMATED BAR GRAPH INSTEAD OF CHECK DIGIT

The difference and hence the new in relation to eTAN method is that chip to the TAN-variant no more data have to be entered into the generator. Instead of a control number from which the device generates the transaction number, the bank will display an animated bar graph. To put it metaphorically: It flickers on several beams. Not arbitrarily, but according to a clearly defined pattern that is based on the remittance or transaction data. To obtain a tan, the card must be inserted into the bank TAN generator and the generator are held to the screen. The device processes the code and then calls the account number you want to transfer the money and the amount. Both data need to be confirmed.Only then the generator displays the transaction number. It is only valid for the current operation and can not be used for subsequent transfers or standing orders.

THE SAFETY ASPECT

Since the TAN is based on the bank account, the transaction amount and the key data on the chip, it is of very little scam if they should get hold of one of the numbers. The attempt to attract customers to a fake banking page and to persuade them to enter the personal identification number, the account or customer number and a TAN running into space. Similarly, with attacks that take place over a virus and allow the scammers to switch between bank and customer (man-in-the-middle). Would they change the data receiver, the transaction number would be worthless.Therefore the chip Tan is one of the safest method. The only downer: The generator is not usually free. But ten to 15 euros for the security are certainly a good investment.

6.  HBCI METHOD

HBCI stands for Home Banking Computer Interface, and is currently considered as the safest method for online banking. Instead of a personal identification number (PIN), transaction number (TAN) and the online portal for the bank customers need tailored to the HBCI method software, a card reader and a smart card. HBCI like acts as an interface that connects the system with the bank of the customer. The advantage HBCI or FinTS (Financial Transaction Services) as a further development are open standards that are not tied to a single bank.

A BRIEF HISTORY HBCI

The idea that bank customers are not using single bank portals, but a central interface through which all possible coordinated bank and can be managed, is a little older. Here is an overview of the changes:

• 1995: The banks, which have developed the HBCI methods, conduct initial trials.
• 1996: The Central Credit Committee (CCC) and has decided the new home banking standard.
• 1998 HBCI is now available in version 2.01, and is ready for practice.

HOW does HBCI WORK

Customers who want to work with HBCI, have a chip on their bank card application (if the HBCI bank offers). The customer data and the personal identification number are stored encrypted on the card. Instead of having to manually enter the PIN to log on to the bank, the data is read. Therefore, a reader for HBCI requirement. This apparatus and the software will work with any HBCI-enabled bank account and make the process multi-bank capability. Only for the individual bank’s own smart card must be present in each case.

WHAT does HBCI  COST?

The HBCI procedure itself is free. However, most banks charge a one time fee for the smart card. Moreover, in a card reader and the software needs to be invested. It should not be saved, eventually it comes to safety as well as comfort and some online banking.

SECURITY

Why HBCI is considered safe, is relatively easy to explain: Since neither a PIN or transaction numbers to be entered, but the data is exchanged directly with the bank about the card and the reader, viruses and key loggers have no chance, as fraud, the based on pharming or phishing. This only applies if the bank when HBCI method works with the card and reader. Will continue to access required standard of safety is not as high, but still perfectly adequate. To refrain entirely from PIN and TAN, you should think twice anyway: Finally, PC, card reader and smart card are not always and everywhere at hand.

How to make online banking safer?

Online banking is becoming more comfortable and at most banks is prerequisite that the account management fees will be waived. However, many consumers express concerns remain. Undoubtedly, there is a danger of being ripped off. But thanks to simple security measures and the careful handling of personal data, the risk of becoming a victim of fraudulent attacks, almost reduced to zero. The following aspects play a role:

• Operating System: Regardless of which operating system your PC or notebook is running, should always be taken to ensure that all security updates are installed. To always be up to date, it is recommended to automatically download the updates and let play. So you are on the safe side. The necessary settings are usually made ​​through the Control Panel.

• Browser: What is the operating system that should be heeded in the browser. Here also lurk security holes that are regularly “stuffed” with updates or newer versions.

• Encryption: Online Banking is encrypted only at all banks. These companies rely on the latest security technology. To recognize the encrypted transmission of data on “https” in the browser line. In addition, the certificate is displayed and alerted with a “padlock” that the transaction is secure.

• Anti Virus Software/Firewall: call banks to their customers on a regular basis, an anti-virus software and install a firewall. The programs that are designed to prevent viruses and nestle of third parties access to the computer, there are free or in paid versions. Important here are regular updates.

• PIN / TAN: Without personal identification number (PIN) and the customer or account number will remain the online banking access denied, and without transaction number (TAN), no booking be made. Therefore, these data may, in particular the PIN , never be publicly accessible. The PIN to write on a scrap of paper and place it under the keyboard, it would be grossly negligent. The same applies if the PIN mailer and the block with the TAN are simply kept in a drawer. Ideally, it closes this information in a safe place.

• Attention: Most fraud made ​​by e-mail or by means of counterfeit websites (phishing). Modern security software detects and blocks them from these experiments. But with a little common sense, the attacks are very easy to recognize. Banks require for example never more transaction numbers, either by email or on the access page for online banking. Acts changed the portal of the bank, which is missing is https or you are not sure: Better call the bank and ask instead of blindly entering data.