Transaction verification is the generic term to describe the Internet-based security method of verifying that the actual content of a transaction has not been altered by the fraudulent techniques known as Man-in-the-Middle (MitM) and Man-in-the-Browser (MitB). This form of transaction protection is alternatively known as Transaction Intent Verification (TIV). Transaction Verification must utilise either Out-of-band technology (the use of two separate channels) or an independent signing device, e.g. a programmable card-reader, capable of having transactional information re-keyed into it in order to create a code cryptographically linked to the underlying transaction detail.
Transaction Verification should not be confused with Transaction authentication, which is simply a method of authenticating the identity of a user at the transaction level; transaction authentication does not include the verification of the integrity of the transaction content.
One effective way to perform Transaction Verification in a mass usage environment is to replay the transaction details to the user by placing a real-time, automated call to the user before the transaction is committed, or to send these details in SMS with a confirmation code.
|This computer security article is a stub. You can help Wikipedia by expanding it.|
|This computer networking article is a stub. You can help Wikipedia by expanding it.|