INTERMEDIATE PERSON ATTACK PROTECTION BY CAPTURING, ILLEGAL ACCOUNT SHARING BLACK LIST, AND SAFETY RATING METHOD

摘要

PROBLEM TO BE SOLVED: To eliminate the conventional necessity of distributing a token (random number list or one-time password) for protection from the illegal money transfer of network banking, particularly, an intermediate person attack.;SOLUTION: An inquiry is made about last transaction history at the time of logging-in (first authentication). For example, a method for (1) displaying and selecting nine pieces of transaction history and one dummy, (2) preparing and selecting a plurality of dummies, and (3) returning the sum of money of transaction history or transaction names is employed. When all questions fail, as a recovery measure, balance information may be accurately input (balance checking by ATM) or telephone authentication (Patent No. 3497799) may be utilized. After the logging-in, as an intermediate person attack countermeasure during transfer (second authentication), when a remittance is input, a server displays a remittee number sequence as a capture mage. Herein, an image difficult to be identified in OCR or the like is used. In addition, ten dummy images are prepared to be selected by a user. This operation may be performed several times. When a correct image is selected, money transfer is executed. In the case of those where the operation is not normally ended, considering that an intermediate person attack has been made, the server transmits a received account number as an illegal account number to a shared DB. Each bank server always checks this, detects money transfer to this account, and blocks illegal money transfer in advance. A ranking server always checks the safety of each bank, and evaluates safety ranking in real time. The evaluation value of the safety of each bank (illegal money transfer blocking rate or applied technology) is displayed together with an image file or the like on the top page of each bank.;COPYRIGHT: (C)2016,JPO&INPIT