Rabobank to sign online banking transactions with VASCO's CrontoSign


Rabobank is introducing VASCO's CrontoSign technology to sign online banking transactions. CrontoScan is basically a DIGIPASS token (Vasco's widely used OTP generator that authenticates users at login), with an added camera and new functionality. When the user sets up a transaction during a banking session, the bank server generates a color QR code, which is displayed on the user's computer screen. The QR code is a cryptogram of the intended transaction data. The user takes a picture of this with the camera on the token device. The device then decrypts the QR code and displays the transaction data as entered by the user, on the token device. The technology is claimed to be effective against MITM attacks (no security details are provided, so can't comment on that one way or the other, but it looks like a classic TAN technique) The CrontoScan technology was originally developed by Cronto, a UK startup which Vasco acquired in May, 2013. Cronto still maintains it's own website. The Rabobank version is branded as 'Raboscan'.

Via the Paypers (sic)