Transaction authentication
Transaction authentication generally refers to the Internet-based security method of securely identifying a user through two- or three-factor authentication (two-factor authentication: something you know plus something you have and/or something you are) at the transaction level, rather than at the traditional session or logon level.
An Internet banking application may allow a customer to perform numerous transactions within a single session, so each transaction, or selected transactions, will require the user to re-authenticate using the appropriate two- or three-factor authentication method (see Two-factor authentication). Authentication, no matter how strong the method(s) used, cannot protect against so-called Man-in-the-Middle (MitM) or Man-in-the-Browser (MitB) attacks. This differs from transaction verification, also an Internet-based security method, which is specifically designed to combat MitM and MitB attacks by not only authenticating the identity of the user but also verifying the integrity of the actual content of the transaction, i.e. ensuring it has not been altered by one of these fraudulent techniques.
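The difference between the two methods can be shown in code. This is an added example, not part of the original entry: it assumes a shared-key token held by the user, separate from the browser, and the function names, account identifiers and message layout are constructed for illustration.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)  # constructed: secret shared by the bank and the user's token

def _mac(key: bytes, *fields: bytes) -> str:
    # Length-prefix every field so different field boundaries cannot collide.
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:8]

def auth_code(key: bytes, challenge: bytes) -> str:
    """Transaction authentication: the code proves who is present, nothing more."""
    return _mac(key, challenge)

def verification_code(key: bytes, challenge: bytes, payee: str, amount_cents: int) -> str:
    """Transaction verification: the code also covers the transaction content."""
    return _mac(key, challenge, payee.encode(), str(amount_cents).encode())

def bank_accepts_auth_only(key, challenge, received_tx, code) -> bool:
    # received_tx plays no part in the check, so altered content goes unnoticed.
    return hmac.compare_digest(code, auth_code(key, challenge))

def bank_accepts_verified(key, challenge, received_tx, code) -> bool:
    # The bank recomputes the code over the details it actually received.
    expected = verification_code(
        key, challenge, received_tx["payee"], received_tx["amount_cents"])
    return hmac.compare_digest(code, expected)

def demo() -> dict:
    challenge = secrets.token_bytes(16)  # fresh per transaction
    # Constructed sample data: what the user intends, and what reaches the bank
    # after the content was changed in transit (the MitM/MitB case in the text).
    intended = {"payee": "ACCT-1111", "amount_cents": 5000}
    received = {"payee": "ACCT-9999", "amount_cents": 5000}
    # Assumption: the user enters the intended details on the token itself.
    user_auth = auth_code(KEY, challenge)
    user_ver = verification_code(
        KEY, challenge, intended["payee"], intended["amount_cents"])
    return {
        "auth_only_accepts_altered": bank_accepts_auth_only(KEY, challenge, received, user_auth),
        "verified_accepts_altered": bank_accepts_verified(KEY, challenge, received, user_ver),
        "verified_accepts_intact": bank_accepts_verified(KEY, challenge, intended, user_ver),
    }

if __name__ == "__main__":
    print(demo())
```

The authentication-only check passes even though the payee changed, while the content-bound check rejects the altered transaction and accepts the unaltered one.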
Wikimedia Foundation. 2010.
Look at other dictionaries:
Transaction authentication number — A Transaction authentication number or TAN is used by some online banking services as a form of single use passwords to authorize financial transactions. TANs are a second layer of security above and beyond the traditional single password… … Wikipedia
Transaction verification — is the generic term to describe the Internet based security method of verifying that the actual content of a transaction has not been altered by the fraudulent techniques known as Man in the Middle (MitM) and Man in the Browser (MitB). This form… … Wikipedia
Authentication — An ISO term. A process used, between a sender and a receiver, to ensure data integrity and to provide data origin authentication. The checking of a request (e.g. to execute a financial transaction) to ensure that it is bona fide … International financial encyclopaedia
authentication key — /ɔθɛntəˈkeɪʃən ki/ (say awthentuh kayshuhn kee) noun a code which is based on a unique set of numbers, data relating to the transaction, etc., which authenticates and secures a data transfer. Also, digital key …
Two-factor authentication — (TFA, T FA or 2FA) is an approach to authentication which requires the presentation of two different kinds of evidence that someone is who they say they are. It is a part of the broader family of multi factor authentication, which is a defense in … Wikipedia
Chip Authentication Program — The Chip Authentication Program (CAP) is a MasterCard initiative and technical specification for using EMV banking smartcards for authenticating users and transactions in online and… … Wikipedia
Secure electronic transaction — (SET) is a standard protocol for securing credit card transactions over insecure networks, specifically, the Internet. SET is not itself a payment system, but rather a set of security protocols and formats that enables users to employ the… … Wikipedia
Integrated Windows Authentication — (IWA) is a term associated with Microsoft products that refers to the SPNEGO, Kerberos, and NTLMSSP authentication protocols with respect to SSPI functionality introduced with Microsoft Windows 2000 and included with later Windows NT based… … Wikipedia
Electronic authentication — (E authentication) is the process of establishing confidence in user identities electronically presented to an information system. E authentication presents a technical challenge when this process involves the remote authentication of individual… … Wikipedia
Basic access authentication — In the context of an HTTP transaction, the basic access authentication is a method designed to allow a web browser, or other client program, to provide credentials – in the form of a user name and password – when making a request.… … Wikipedia