
OTPs to Eliminate Phishing Attacks in Iran

Nov 16, 2019, 12:31 PM
News ID: 30872

EghtesadOnline: Using one-time passwords (OTPs) is expected to significantly reduce the possibility of phishing attacks, says the governor of the Central Bank of Iran.

Abdolnasser Hemmati said the OTP is expected to significantly improve the safety of daily bank transactions for customers. 

He pointed to a recently announced deadline, which makes using OTP mandatory for all banking transactions in less than two months, Financial Tribune reported.

“By launching the OTP service [after the deadline], the number of phishing attacks is expected to fall by almost 95%,” he was quoted as saying by IRNA. 

The CBI said Sunday that banks and credit institutions are ready to offer OTP services, asking bank customers to activate the service by the end of the next calendar month (December 21).

The regulator said transactions would be done only through OTPs after the deadline. 

Hemmati dismissed rumors about hacking bank accounts, reiterating that some accounts had been emptied by phishing attacks and “the hacking of bank accounts is not true.” 

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message or text message.

Speaking on the sidelines of a Cabinet meeting on Wednesday, Hemmati pointed to the myriad complaints bank customers have made to the cyber police, saying that most complaints are related to abuse of their non-card transactions.

The senior banker said the OTP service is free and banks are not allowed to charge any fee for it. 

Invalid in 60 Seconds 

The one-time password, developed to address shortcomings of static passwords, is a code that is valid for a single login or online transaction on a computer system or other digital device and is discarded after 60 seconds.

This means that a potential intruder who manages to record an OTP that was already used to log into a service or make a transaction will not be able to abuse it, because it will no longer be valid.

The crucial advantage of OTPs is that, unlike static passwords, they are not vulnerable to replay attacks. An OTP is more secure than a static password, especially a user-created password, which may be weak or reused across multiple accounts.
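
The replay resistance described above, shown as an added example that is not part of the original article: a verifier that accepts a code only once and only inside its 60-second window. The article does not name the algorithm the banks use, so the time-based scheme of RFC 6238 is assumed here, and the names `totp`, `OtpVerifier` and `demo`, the six-digit length and the sample key are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds a code stays valid, as stated in the article
DIGITS = 6   # assumed code length (not given in the article)

def totp(secret: bytes, now: float) -> str:
    """RFC 6238 code for the 60-second window that contains `now`."""
    counter = int(now) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class OtpVerifier:
    """Accepts each code at most once and only inside its own window."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._last_used = -1   # highest window counter already consumed

    def verify(self, code: str, now: float) -> str:
        counter = int(now) // STEP
        # Constant-time comparison against the code for the current window.
        if not hmac.compare_digest(code, totp(self._secret, now)):
            return "rejected: wrong or expired code"
        # A matching code from a window that was already consumed is a replay.
        if counter <= self._last_used:
            return "rejected: code already used"
        self._last_used = counter
        return "accepted"

def demo():
    secret = b"constructed-demo-secret"   # constructed sample key
    bank = OtpVerifier(secret)
    t0 = 1_573_900_200                     # constructed time, start of a window
    code = totp(secret, t0)
    return [
        bank.verify(code, t0 + 5),    # customer submits the code
        bank.verify(code, t0 + 10),   # recorded code replayed in the same window
        bank.verify(code, t0 + 65),   # recorded code replayed after 60 seconds
    ]

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The single-use check is what stops a replay inside the validity window; the 60-second expiry alone only shortens the time in which a captured code is still accepted.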