Transaction verification
Transaction verification is the generic term to describe the Internet-based security method of verifying that the actual content of a transaction has not been altered by the fraudulent techniques known as Man-in-the-Middle (MitM) and Man-in-the-Browser (MitB). This form of transaction protection is alternatively known as Transaction Integrity Verification (TIV). Transaction Verification must utilise either Out-of-band technology (the use of two separate channels) or an independent signing device, e.g. a programmable card-reader, capable of having transactional information re-keyed into it in order to create a code cryptographically linked to the underlying transaction detail.

Transaction Verification should not be confused with Transaction authentication, which is simply a method of authenticating the identity of a user at the transaction level; transaction authentication does not include the verification of the integrity of the transaction content.

One effective way to perform Transaction Verification in a mass usage environment is to replay the transaction details to the user by placing a real-time, automated call to the user before the transaction is committed, or to send these details in SMS with a confirmation code.
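
The difference between a code that is cryptographically linked to the transaction detail and one that only authenticates the user can be shown in a few lines. This is an added example, not part of the original entry: the use of HMAC-SHA-256, the field names, the key and the challenge are all assumptions made for illustration, since the entry does not name an algorithm.

```python
import hashlib
import hmac

FIELDS = ("payee_account", "amount_minor", "currency")  # assumed field set

def canonical(tx: dict) -> bytes:
    """Serialise the fields in a fixed order, each length-prefixed, so that
    two different transactions never produce the same byte string."""
    out = b""
    for name in FIELDS:
        value = str(tx[name]).encode()
        out += len(value).to_bytes(2, "big") + value
    return out

def _decimal(mac: bytes, digits: int) -> str:
    # Reduce the MAC to a short code a person can type.
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)

def signing_code(key: bytes, challenge: bytes, tx: dict, digits: int = 8) -> str:
    """Code bound to the transaction content (transaction verification)."""
    msg = len(challenge).to_bytes(2, "big") + challenge + canonical(tx)
    return _decimal(hmac.new(key, msg, hashlib.sha256).digest(), digits)

def auth_only_code(key: bytes, challenge: bytes, digits: int = 8) -> str:
    """Code bound only to the challenge (transaction authentication)."""
    return _decimal(hmac.new(key, challenge, hashlib.sha256).digest(), digits)

def bank_accepts(key: bytes, challenge: bytes, received_tx: dict, code: str) -> bool:
    """The bank recomputes the code over the transaction it actually received."""
    return hmac.compare_digest(signing_code(key, challenge, received_tx), code)

# Constructed sample data.
KEY = bytes(range(32))                    # per-device secret shared with the bank
CHALLENGE = b"constructed-challenge-01"   # fresh value issued per transaction
intended = {"payee_account": "ACCT-1111", "amount_minor": 12500, "currency": "EUR"}
altered = dict(intended, payee_account="ACCT-9999")  # content changed in transit

if __name__ == "__main__":
    code = signing_code(KEY, CHALLENGE, intended)  # user re-keys what they intend
    print("unaltered accepted:", bank_accepts(KEY, CHALLENGE, intended, code))
    print("altered accepted:  ", bank_accepts(KEY, CHALLENGE, altered, code))
    # An authentication-only code takes no transaction input, so it is the
    # same whichever transaction the bank received.
    print("auth-only code:    ", auth_only_code(KEY, CHALLENGE))
```

The signing device is modelled by `signing_code`, computed over the details the user keys in; the bank's check fails when the transaction it received differs from those details.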