Transaction verification

From Wikipedia, the free encyclopedia

Transaction verification is the generic term for the Internet-based security method of verifying that the actual content of a transaction has not been altered by the fraudulent techniques known as Man-in-the-Middle (MitM) and Man-in-the-Browser (MitB). This form of transaction protection is also known as Transaction Intent Verification (TIV). Transaction verification must utilise either out-of-band technology (the use of two separate channels) or an independent signing device, e.g. a programmable card reader, into which the transactional information can be re-keyed in order to create a code cryptographically linked to the underlying transaction detail.
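The signing-device variant described above can be sketched as follows. This is an added example, not part of the original article: the HMAC-based construction, the function names, the per-device key, the server challenge and the 8-digit code length are all assumptions chosen for illustration, not a description of any particular product or standard.

```python
import hashlib
import hmac
import struct
from decimal import Decimal

CODE_DIGITS = 8  # assumed code length for this sketch


def canonical(payee: str, amount: str, challenge: str) -> bytes:
    """Unambiguous encoding of the fields the user re-keys into the device."""
    payee_n = "".join(payee.split()).upper()                      # drop spacing
    amount_n = format(Decimal(amount).quantize(Decimal("0.01")), "f")
    fields = [challenge.encode(), payee_n.encode(), amount_n.encode()]
    # Length-prefix each field so that field boundaries cannot be shifted.
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def signing_code(key: bytes, payee: str, amount: str, challenge: str) -> str:
    """Code computed on the independent device from the re-keyed details."""
    mac = hmac.new(key, canonical(payee, amount, challenge), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                                       # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** CODE_DIGITS).zfill(CODE_DIGITS)


def server_verify(key: bytes, payee: str, amount: str, challenge: str, code: str) -> bool:
    """Recompute the code over the transaction the server actually received."""
    expected = signing_code(key, payee, amount, challenge)
    return hmac.compare_digest(expected.encode(), code.encode())


def demo():
    key = b"constructed-per-device-secret-01"   # constructed sample key
    challenge = "493817"                        # constructed per-transaction nonce
    # The user types the payee and amount they intend into the device.
    code = signing_code(key, "GB00 TEST 0000 1111", "150.00", challenge)
    # Server received the same details: the code verifies.
    honest = server_verify(key, "GB00TEST00001111", "150", challenge, code)
    # Server received a different payee than the user signed: rejected.
    altered = server_verify(key, "GB00TEST99998888", "150.00", challenge, code)
    # Same details but a different challenge (a reused code): rejected.
    replayed = server_verify(key, "GB00TEST00001111", "150.00", "000001", code)
    return honest, altered, replayed


if __name__ == "__main__":
    print(demo())
```

Because the server computes the expected code over the details it is about to commit, a code produced for the user's intended payee and amount does not validate for any other transaction content.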

Transaction Verification should not be confused with Transaction authentication, which is simply a method of authenticating the identity of a user at the transaction level; transaction authentication does not include the verification of the integrity of the transaction content.

One effective way to perform transaction verification in a mass-usage environment is to replay the transaction details to the user by placing a real-time, automated call to the user before the transaction is committed, or to send these details in an SMS with a confirmation code.