Probably not Thailand related, just a general knowledge question pointed to those with banking technology know how.

I have 2 Tokens from different Australian banking institutions used for internet transactions:-

#1 - When asked for I need to press a button, a 6 digit number appears which I have to enter into the a field.

#2 - The Token is on 24/7 and generates a new number every minute or so. When asked for I just enter the number as seen at the time.

Neither Token has a physical or wireless interface to my hardware.

Can someone explain to me how the system works? I can't believe some sort of internal clock is so accurate as to keep in sink with the banks server for 5 years (normal life of the Tokens battery).

And yes I've done a Google search on the subject and totally confused!

BTW. I use the OTP system for my Thai account and find it works well here and overseas.

Guess you have a thing like this:

http://en.wikipedia.org/wiki/RSA_SecurID

And yes, it seems to be designed to create a new OTP every 60 seconds over its lifetime.

There seems to be enough tolerance (a couple of minutes) at the server site to compensate for the clock drift.

Also sounds like the server will adjust the clock drift for your token individually.

Clock drift even for cheap quartz clocks is not much worse than a minute per month or so.

I don't want to speculate more.

Maybe someone has a well founded explanation.

I am only familiar with OTP by a generator reading my smartcard and OTP via cellphone SMS as used in Thailand.

I have the token as in the second picture on the linked page by KhunBENQ. Once, the online banking system didn't accept the code. I gave a call to my bank and they told me they will reset it. After a few minutes it worked again. They told me, this issue can appear, when the token is not used for longer time of period. So i guess, every time you use it, the system will synchronize the timing. But in all the years only one time this happens.

<snip> So i guess, every time you use it, the system will synchronize the timing. <snip>

Thank you - now that makes sense! I've never had your problem but then use both Tokens at least once a week.

@ BENQ

I guess the Tokens fall into the "Disconnected Tokens" category on this site:.

http://en.wikipedia.org/wiki/Security_token

The #2 Token is EXACTLY as pictured 2nd down on the site you posted.

your token has a serial number on it, this number references a corresponding Random Number Generator in the banks computer. The number changes every so often (set by the program. The same program is in your token. They change generating the same number every 30 or 60 seconds. fairly fool proof system. I have one for my BizBanking account at Bangkok Bank. As long as the banks internal security is maintained things run smoothly and are secure. A low cost effective and secure system.