Transaction verification protects against Man-in-the-Middle attacks, where cybercriminals intercept communication between consumer and bank. Out-of-band authentication and one-time codes are used, but they are not foolproof. Consumers should be cautious of unknown sources and maintain virus protection.
Transaction verification protects consumers from fraud by ensuring that no changes have been made to a monetary transaction during processing. An Internet-based security measure, transaction verification is useful against Man-in-the-Middle attacks. In these attacks, a cybercriminal creates a bogus website that effectively intercepts the communication between a consumer and their bank, retailer or credit card company. The criminal is thus able to obtain the consumer’s personal information and use it. In a Man-in-the-Middle attack, neither the consumer nor the retailer knows that an outside party is eavesdropping on the conversation.
An example of a very powerful Man-in-the-Middle technology was the Silent Banker malware, which infected over 400 banking websites worldwide in 2008. In this case, the malware was a rootkit that was implemented before the browser’s anti-virus protection software was activated. Once the unsuspecting user entered their authentication information into the bank’s website, the Silent Banker malware activated, changing the destination of the transaction to the criminal’s bank account.
Many websites and mobile software programs have implemented out-of-band technology for transaction verification. Presumably this method works because it takes the consumer outside of the browser where the criminal would be eavesdropping. The consumer would verify the transaction via a phone call or email. Unfortunately, out-of-band authentication is still susceptible to Man-in-the-Middle attacks, as such attacks use spoofed websites. Thus, the consumer would not necessarily see that something was wrong with the site before providing authentication. He could actually call the criminal and give him his information over the phone.
Other websites have used one-time codes for transaction verification. In theory, only the consumer would know the code, so when they enter that code into the bank’s website, the bank is assured that the consumer is who they say they are. If the consumer’s operating system has been taken over by a malware program, however, he is not the only person who has access to that code.
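The difference between a one-time code that only proves who the consumer is and one that also covers the transaction details can be shown in a few lines. This is an added example, not code from any bank or product: it contrasts the two when the destination is changed in transit, as in the Silent Banker case above. The HMAC construction, the function names, the key shared between bank and consumer, and the assumption that the code is computed on a device the malware does not control are all assumptions of the example.

```python
import hashlib
import hmac

def _encode(*fields: bytes) -> bytes:
    # Length-prefix every field so adjacent fields cannot be shifted into each other.
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def _code(key: bytes, message: bytes, digits: int = 8) -> str:
    # Truncate an HMAC-SHA256 tag to a short decimal code a person can type.
    tag = hmac.new(key, message, hashlib.sha256).digest()
    offset = tag[-1] & 0x0F
    value = int.from_bytes(tag[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10**digits).zfill(digits)

def identity_code(key: bytes, nonce: bytes) -> str:
    # Proves only that the holder of the key answered this challenge.
    return _code(key, _encode(b"id", nonce))

def transaction_code(key: bytes, nonce: bytes, payee: str, cents: int) -> str:
    # Bound to the destination and amount the consumer actually approved.
    return _code(key, _encode(b"txn", nonce, payee.encode(), str(cents).encode()))

def bank_accepts(key, nonce, payee, cents, code, bound):
    # The bank recomputes the code from the request as it arrived.
    expected = (transaction_code(key, nonce, payee, cents) if bound
                else identity_code(key, nonce))
    return hmac.compare_digest(expected, code)

# Constructed sample values, not real accounts or keys.
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
NONCE = b"constructed-nonce-0001"
INTENDED = ("ACCT-CONSTRUCTED-0001", 15000)
ALTERED = ("ACCT-CONSTRUCTED-9999", 15000)  # destination swapped in transit

def demo():
    id_code = identity_code(KEY, NONCE)
    txn_code = transaction_code(KEY, NONCE, *INTENDED)
    return {
        "identity_code_altered": bank_accepts(KEY, NONCE, *ALTERED, id_code, bound=False),
        "bound_code_altered": bank_accepts(KEY, NONCE, *ALTERED, txn_code, bound=True),
        "bound_code_intended": bank_accepts(KEY, NONCE, *INTENDED, txn_code, bound=True),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The identity-only code is accepted even though the destination changed, while the transaction-bound code verifies only for the details the consumer approved.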
While it is not possible to fully protect a consumer from online fraud through transaction verification, there are some tips that can reduce the likelihood of a consumer falling into a Man-in-the-Middle trap. First, the consumer should be wary of any emails or text messages that are sent to them from an unknown source. Such communications should be deleted immediately and no links within such emails or text messages should be opened. Secondly, if the website suddenly changes its appearance, be careful when using it. It could be a Man-in-the-Middle lure site. If suspicious activity continues, call the organization that maintains the website. Finally, all computer users should maintain current virus and spyware protection as well as a firewall to minimize the likelihood of their computer being successfully attacked.