I have been using Union Bank of India’s Net Banking Service since more than 3 years now and have witnessed various security transformations that they did to secure their Net Banking transactions and applaud them for the same, BUT I believe there should be a perfect balance between Security and Convenience. As of now, If you have to perform a net banking transaction using Union Bank of India’s Net banking Service, you will have to go through 4 security checkpoints, which are discussed below.
1) The very first checkpoint is the Regular Net banking USER ID and Password, this is perfectly OK and appropriate. Its 128 bit SSL secured like most Banking Services.
2) The second checkpoint is what I believe is superfluous, where you are required to enter a 4 digit SECURE PIN and Hit on Generate OTP(which I believe is a resultant of the preset PIN and some Computer specific variable). This in real time, generates a One Time password with the combination of the PIN you entered and the computer specific variable.
3) Now comes the third checkpoint, One Time Password that is sent to your registered mobile phone for every Net Banking transaction. AND its a 8 Digit Alphanumeric password! I mean, are you kidding guys? What is the need of an 8 digit ALPHANUMERIC One Time Password? The user who has reached till this fin step is probably already pretty much authenticated, a simple 6 digit Numeric One time password would have been suffice.
4) The Last authentication is the the Transaction password(Which expires every 90 days) and according to me is also surplus, taking in account that the user is already authenticated in a 3 step process.
The Users using Net Banking Services are most of the time legitimate users and a couple of authentication steps should be just fine in order to authenticate them(specially when you are using a mechanism like One Time Password). Using a 4 step authentication process is far beyond the purpose it is serving, it’s just a transaction, not a nuclear missile attack that is to be accomplished.