Transaction Verification | Payee Verification
As online banking and mobile banking have become more popular, cybercriminals have found more insidious ways to take over accounts and intercept transactions that are in progress. Key loggers can be used to harvest account numbers, usernames, and passwords, which permit a criminal to log in to an account as if they were the legitimate account holder.
Man-in-the-middle and man-in-the-browser attacks are used to intercept transactions in progress and manipulate the details without the legitimate account holder's knowledge. Typically, the amount of a transaction and the destination account are changed. The user believes they have sent $98 to the electric company; instead, $980 has been directed to a different account.
Attacks and exploits at the transaction level have become serious enough to warrant specific mention in the July 2011 FFIEC Supplement to Authentication in an Internet Banking Environment.
Phone-based, out-of-band authentication is ideally suited to validate a transaction or the addition of a new payee to an electronic funds transfer enabled account. The cybercriminal may be able to steal account credentials or redirect a payment, but the bar is raised if they must also coordinate an attack against the legitimate account holder's telephone.
In the simplest scenario, when an account is being used and a transaction amount is larger than "normal" or a new payee is encountered on the bank side, the end user's telephone will ring. The legitimate user will hear the transaction details "vocalized" by a human voice (no cyber-voices with Authentify applications). For example, the user will hear "Hello, this is XYZ financial, if you are sending nine hundred and eighty dollars to an account ending in 4521, please enter the confirmation code displayed in your browser window."
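The flow described above, as an added Python example that is not Authentify's code: the bank side decides when to call, builds the spoken prompt from the transaction it actually received, and checks the code keyed in on the phone. The threshold factor, the validity window, the one-attempt rule, the account numbers and all names are assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 300   # assumed validity window for a code
AMOUNT_FACTOR = 3        # assumed rule for "larger than normal"

@dataclass
class Transaction:
    amount_cents: int
    dest_account: str

@dataclass
class Challenge:
    txn: Transaction
    code: str
    expires_at: float
    used: bool = False

def needs_verification(txn, typical_cents, known_payees):
    """Call the account holder for a new payee or an unusually large amount."""
    return (txn.dest_account not in known_payees
            or txn.amount_cents > typical_cents * AMOUNT_FACTOR)

def start_challenge(txn, now=None):
    """Create the one-time code that the browser session will display."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    return Challenge(txn, code, now + CODE_TTL_SECONDS)

def phone_prompt(ch):
    """Prompt text built from the transaction as the bank received it,
    so details altered in the browser are heard by the account holder."""
    dollars, cents = divmod(ch.txn.amount_cents, 100)
    return (f"If you are sending ${dollars}.{cents:02d} to an account ending in "
            f"{ch.txn.dest_account[-4:]}, please enter the confirmation code "
            "displayed in your browser window.")

def confirm(ch, keyed_code, now=None):
    """Accept the code keyed on the phone: one attempt, before expiry."""
    now = time.time() if now is None else now
    if ch.used or now > ch.expires_at:
        return False
    ch.used = True  # a challenge is consumed by its first attempt
    return hmac.compare_digest(ch.code.encode(), keyed_code.encode())

if __name__ == "__main__":
    # Constructed sample: the bank received $980.00, not the $98.00 the user typed.
    received = Transaction(98000, "0000004521")
    if needs_verification(received, typical_cents=9800, known_payees={"0000001111"}):
        print(phone_prompt(start_challenge(received)))
```

Because the prompt is generated from the server's copy of the transaction, a user who typed $98 hears $980 and an unfamiliar account ending, and can decline to enter the code.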
Authentify also offers transaction verification via the smart phone app, Authentify 2CHK®.