Transaction authentication

Transaction authentication generally refers to the Internet-based security method of securely identifying a user through Two-factor authentication or Three-factor authentication at a transaction level, rather than at the traditional Session or Logon level.

An internet banking application may allow a customer to perform numerous transactions within the single session and hence each, or selected transactions, will require the user to re-authenticate themselves using the appropriate two or three factor authentication method. Authentication, no matter how strong the method(s) used cannot protect against so called Man-in-the-Middle (MitM) or Man-in-the-Browser (MitB) attacks. This differs from Transaction verification, also an Internet-based security method, which is specifically designed to combat so called Man-in-the-Middle (MitM) and Man-in-the-Browser (MitB) attacks through not only authenticating the identity of the user, but also verifying the integrity of the actual content of the transaction, i.e. ensuring it has not been altered by one of these fraudulent techniques.