informa
2 MIN READ
Products & Releases

FireID Debuts Out-Of-Band Transaction Verification Application

FireID Transaction Verification ensures only legitimate online transactions and payments are made
Stellenbosch, South Africa—May 3, 2010—FireID (Pty) Ltd, a leading provider of world-class security applications for mobile authentication, today announced FireID Transaction Verification, a new application that ensures only legitimate online transactions and payments are made. Providing a solution to the much publicized man-in-the-browser (MITB) and man-in-the-middle (MITM) attacks which banks are experiencing, FireID’s out-of-band Transaction Verification application generates a unique code on the end user’s mobile phone to verify the transaction details for online purchases and transactions before they are authorized.

The MITB attack has received significant attention recently, based on its ability to circumvent strong security measures, including many two-factor authentication methods. In such attacks the hacker infects an end-user’s PC with a trojan, or similar piece of malware, which is capable of covertly faking Internet financial transactions in the end-user’s Web browser. The end-user could login securely by using one-time passwords, however, because the attack modifies the secure session, the end-user is still vulnerable.

A Gartner, Inc. report, titled “Where Strong Authentication Fails and What You Can Do About It,” by Avivah Litan on December 3, 2009, addresses the growing dangers of MITB attacks, “These attacks were successfully and repeatedly executed against many banks and their customers across the globe in 2009. While bank accounts are the main immediate targets, these attack methods will migrate to other sectors and applications that contain sensitive valuable information and data within the next three years.”

FireID’s Transaction Verification application thwarts these hackers and MITB attacks, enabling secure online transactions with a simple, convenient and cost-effective solution. FireID’s Transaction Verification application uses the customer’s mobile phone to generate a unique code for each online transaction, out-of-band from the Web browser. This code is dependent upon the full details of the transaction, which could be defined as the transaction amount and account number, and is verified by the FireID server for authenticity. If an attacker attempts to change any of the defined transaction details, the code will become invalid and the server will detect the tampering. Since FireID leverages the customer’s mobile phone for transaction verification, expensive and inconvenient hardware tokens are not needed.

“In the high-stakes world of online banking fraud, hackers have developed sophisticated methods for getting inside the user’s browser and falsifying transactions. FireID’s Transaction Verification application provides a powerful out-of-band authentication solution to secure payments and transactions, entirely thwarting MITM and MITB attacks,” said Jenny Dugmore, CEO of FireID.

About FireID

FireID is a leading provider of mobile two-factor authentication. Founded in 2006, FireID is located in Stellenbosch, South Africa and has offices in the U.S. and UK with a broad international network of distributors and resellers. With increased transaction fraud and identity theft, strong authentication has become an essential component for any online or mobile application. FireID's world-class authentication solutions meet the growing authentication needs of corporations, government agencies and end-users who require highly secure and convenient online access to password protected accounts. For more information, visit http://www.fireid.com.

Editors' Choice
Jai Vijayan, Contributing Writer, Dark Reading
Chris Jacob, VP, Threat Intelligence Engineering at ThreatQuotient
Robert Lemos, Contributing Writer, Dark Reading