Transaction authentication
Transaction authentication generally refers to the Internet-based security method of securely identifying a user through two- or three-factor authentication (see Two-factor authentication: something you know plus something you have and/or something you are) at the transaction level, rather than at the traditional session or logon level.
An Internet banking application may allow a customer to perform numerous transactions within a single session, and hence each transaction, or selected transactions, will require the user to re-authenticate using the appropriate two- or three-factor authentication method (see Two-factor authentication). Authentication, no matter how strong the method(s) used, cannot protect against so-called Man-in-the-Middle (MitM) or Man-in-the-Browser (MitB) attacks. Transaction authentication therefore differs from Transaction verification, also an Internet-based security method, which is specifically designed to combat so-called MitM and MitB attacks by not only authenticating the identity of the user but also verifying the integrity of the actual content of the transaction, i.e. ensuring that it has not been altered by one of these fraudulent techniques.
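The difference between the two methods can be shown from the bank's side. This is an added example, not part of the original article; it assumes an HMAC key shared between the bank and a separate user device, and the key, account names and function names are all constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key, assumed to be shared by the bank and a separate user device.
DEVICE_KEY = b"constructed-demo-key"


def _code(message: bytes) -> str:
    """Derive an 8-digit code from HMAC-SHA256 (illustrative truncation, not a standard)."""
    digest = hmac.new(DEVICE_KEY, message, hashlib.sha256).digest()
    value = int.from_bytes(digest[:8], "big") % 10**8
    return f"{value:08d}"


def auth_code(challenge: str) -> str:
    """Transaction authentication: the code covers only the bank's challenge."""
    return _code(challenge.encode())


def verification_code(challenge: str, payee: str, amount_cents: int) -> str:
    """Transaction verification: the code also covers the payee and amount
    that the user confirmed on the device."""
    return _code(json.dumps([challenge, payee, amount_cents]).encode())


def bank_accepts_authenticated(challenge: str, received: dict, code: str) -> bool:
    # The received content is never consulted, so any content passes with a valid code.
    return hmac.compare_digest(code, auth_code(challenge))


def bank_accepts_verified(challenge: str, received: dict, code: str) -> bool:
    # The bank recomputes the code over the content it actually received.
    expected = verification_code(challenge, received["payee"], received["amount_cents"])
    return hmac.compare_digest(code, expected)


def demo() -> dict:
    challenge = "challenge-0001"  # constructed per-transaction challenge
    confirmed = {"payee": "ACCT-1111", "amount_cents": 120000}  # what the user approved
    received = {"payee": "ACCT-9999", "amount_cents": 120000}   # content altered before reaching the bank
    a = auth_code(challenge)
    v = verification_code(challenge, confirmed["payee"], confirmed["amount_cents"])
    return {
        "auth_accepts_altered": bank_accepts_authenticated(challenge, received, a),
        "verify_accepts_altered": bank_accepts_verified(challenge, received, v),
        "verify_accepts_confirmed": bank_accepts_verified(challenge, confirmed, v),
    }
```

The content-blind check accepts the altered transaction because the user's code is still valid, while the content-bound check rejects it and accepts only the transaction the user confirmed.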