Transaction authentication

Transaction authentication

Transaction authentication generally refers to the Internet-based security method of securely identifying a user through two or three factor authentication (Two-factor authentication: something you know plus something you have and/or something you are) at a transaction level, rather than at the traditional Session or Logon level.

An Internet banking application may allow a customer to perform numerous transactions within the single session and hence each, or selected transactions, will require the user to re-authenticate themselves using the appropriate two or three factor authentication method (see Two-factor authentication). Authentication, no matter how strong the method(s) used cannot protect against so called Man-in-the-Middle (MitM) or Man-in-the-Browser (MitB) attacks. This differs from Transaction verification, also an Internet based security method, which is specifically designed to combat so called Man-in-the-Middle (MitM) and Man-in-the-Browser (MitB) attacks through not only authenticating the identity of the user, but also verifying the integrity of the actual content of the transaction, i.e. ensuring it has not been altered by one of these fraudulent techniques.


Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • Transaction authentication number — A Transaction authentication number or TAN is used by some online banking services as a form of single use passwords to authorize financial transactions. TANs are a second layer of security above and beyond the traditional single password… …   Wikipedia

  • Transaction verification — is the generic term to describe the Internet based security method of verifying that the actual content of a transaction has not been altered by the fraudulent techniques known as Man in the Middle (MitM) and Man in the Browser (MitB). This form… …   Wikipedia

  • Authentication —   An ISO term. A process used, between a sender and a receiver, to ensure data integrity and to provide data origin authentication.   The checking of a request (e.g.. to execute a financial transaction) to ensure that it is bona fide …   International financial encyclopaedia

  • authentication key — /ɔθɛntəˈkeɪʃən ki/ (say awthentuh kayshuhn kee) noun a code which is based on a unique set of numbers, data relating to the transaction, etc., which authenticates and secures a data transfer. Also, digital key …  

  • Two-factor authentication — (TFA, T FA or 2FA) is an approach to authentication which requires the presentation of two different kinds of evidence that someone is who they say they are. It is a part of the broader family of multi factor authentication, which is a defense in …   Wikipedia

  • Chip Authentication Program — A GemAlto EZIO CAP Device Whitelabeled as Barclays PINSentry The Chip Authentication Program (CAP) is a MasterCard initiative and technical specification for using EMV banking smartcards for authenticating users and transactions in online and… …   Wikipedia

  • Secure electronic transaction — (SET) is a standard protocol for securing credit card transactions over insecure networks, specifically, the Internet. SET is not itself a payment system, but rather a set of security protocols and formats that enables users to employ the… …   Wikipedia

  • Integrated Windows Authentication — (IWA) is a term associated with Microsoft products that refers to the SPNEGO, Kerberos, and NTLMSSP authentication protocols with respect to SSPI functionality introduced with Microsoft Windows 2000 and included with later Windows NT based… …   Wikipedia

  • Electronic authentication — (E authentication) is the process of establishing confidence in user identities electronically presented to an information system. E authentication presents a technical challenge when this process involves the remote authentication of individual… …   Wikipedia

  • Basic access authentication — In the context of an HTTP transaction, the basic access authentication is a method designed to allow a web browser, or other client program, to provide credentials ndash; in the form of a user name and password ndash; when making a request.… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”