7

Today I noticed how incredibly insecure IBANs are.

You give it to anyone who wants to transfer money to your bank account, and all you need to perform a transaction is an IBAN, the account holder's name and his signature.

So anyone who has your IBAN, your name and your signature (which all can occur in a single mail) can just send himself money from your account, cash out and move away. No one can prove that it wasn't you who did the transaction and you couldn't find the guy.

And this is what all the banks in Europe use? What am I missing here?... How can a system this important be this insecure?

Comments
  • 0
    Please explain... I was once totally perplexed when I learned about SWIFT messaging, but I assume you mean something else?
  • 5
    IBAN is just a bank account number system. The Dutch bank system doesn't allow this type of transaction, for example, but we do have IBAN.

    The way cheques work in the US is also pretty easy to commit fraud with (if it works a bit like in series and movies), but personally I've never seen a cheque because it's not available in the Netherlands.
  • 2
    What signature? I never signed anything except my bank card.
    And as far as I know you can only send money when you have access to your personal bank account. Usually via e-banking or app.
  • 0
    Maybe it's just how my local bank works. There you can make a transaction by filling out a form:
    - Receiver name
    - Receiver IBAN
    - Amount
    - Sender name
    - Sender IBAN
    - Sender hand-written signature

    There could at least be some code you have to give with your transaction, basically the private key, to confirm that you are the owner of that IBAN and are allowed to send money from it.
  • 0
    A bank needs an order. This can be a written piece of paper, a POST request from their site or an order over FinTS. This is verified by the bank and added to the order stack. At a static time all orders are sent over SWIFT to the other bank. That processes the SWIFT message and the money is there.
  • 1
    And the IBAN is an identifier; you can't get money so easily from an IBAN, because the sender bank verifies the transaction order. That can be a TAN and/or math.
  • 1
    @stop There is no TAN when making a transaction with a paper transaction form. All they have to verify the transaction is the name and the signature, which can easily be replicated.
  • 0
    @simulate What country do you live in?
  • 2
    @simulate Every bank has a system for fraud detection. In Germany, where you and I live, banks must pay the person back if they made an error in the fraud detection.