The man-in-the-browser (MITB) attack has received significant attention recently because of its ability to circumvent strong security measures, including many two-factor authentication methods. In such attacks the hacker infects an end-user’s PC with a Trojan, or similar piece of malware, which is capable of covertly faking Internet financial transactions in the end-user’s Web browser. The end-user could log in securely using one-time passwords; however, because the attack modifies the secure session, the end-user is still vulnerable.
A Gartner, Inc. report, titled “Where Strong Authentication Fails and What You Can Do About It,” by Avivah Litan on December 3, 2009, addresses the growing dangers of MITB attacks: “These attacks were successfully and repeatedly executed against many banks and their customers across the globe in 2009. While bank accounts are the main immediate targets, these attack methods will migrate to other sectors and applications that contain sensitive valuable information and data within the next three years.”
FireID’s Transaction Verification application thwarts these hackers and MITB attacks, enabling secure online transactions with a simple, convenient and cost-effective solution. FireID’s Transaction Verification application uses the customer’s mobile phone to generate a unique code for each online transaction, out-of-band from the Web browser. This code is dependent upon the full details of the transaction, which could be defined as the transaction amount and account number, and is verified by the FireID server for authenticity. If an attacker attempts to change any of the defined transaction details, the code will become invalid and the server will detect the tampering. Since FireID leverages the customer’s mobile phone for transaction verification, expensive and inconvenient hardware tokens are not needed.
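A sketch of a transaction-dependent code of the kind described above, added here as an illustration and not FireID's own algorithm. It assumes an HMAC-SHA256 over the account number, amount and a per-transaction counter, keyed with a secret shared by phone and server; all function names and sample values are constructed.

```python
import hashlib
import hmac


def transaction_code(key: bytes, account: str, amount_cents: int,
                     counter: int, digits: int = 6) -> str:
    """Derive a short code bound to the exact transaction details."""
    # Length-prefix every field so that ("12", "345") and ("123", "45")
    # cannot produce the same MAC input.
    fields = [account.encode(), str(amount_cents).encode(),
              counter.to_bytes(8, "big")]
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    # HOTP-style dynamic truncation (RFC 4226) to a number a person can type.
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def server_verify(key: bytes, account: str, amount_cents: int,
                  counter: int, submitted_code: str) -> bool:
    """Recompute the code over the details the server actually received."""
    expected = transaction_code(key, account, amount_cents, counter)
    # Constant-time comparison avoids leaking how many digits matched.
    return hmac.compare_digest(expected, submitted_code)


def demo():
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
    counter = 42  # assumed per-transaction counter kept in sync by both sides
    # Phone (out-of-band): the customer enters what they intend to pay.
    code = transaction_code(key, "ACC-1001", 25000, counter)
    # Server: request arrives unmodified, then with the payee altered in
    # the browser session. The code only matches the intended details.
    honest = server_verify(key, "ACC-1001", 25000, counter, code)
    tampered = server_verify(key, "ACC-9999", 25000, counter, code)
    return honest, tampered


if __name__ == "__main__":
    print(demo())
```

Because the server recomputes the code from the request it received rather than from what the browser displayed, a change to either bound field invalidates the code; fields left out of the MAC input are not protected.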
“In the high-stakes world of online banking fraud, hackers have developed sophisticated methods for getting inside the user’s browser and falsifying transactions. FireID’s Transaction Verification application provides a powerful out-of-band authentication solution to secure payments and transactions, entirely thwarting MITM and MITB attacks,” said Jenny Dugmore, CEO of FireID.
FireID is a leading provider of mobile two-factor authentication. Founded in 2006, FireID is located in Stellenbosch, South Africa and has offices in the U.S. and UK with a broad international network of distributors and resellers. With increased transaction fraud and identity theft, strong authentication has become an essential component for any online or mobile application. FireID's world-class authentication solutions meet the growing authentication needs of corporations, government agencies and end-users who require highly secure and convenient online access to password-protected accounts. For more information, visit http://www.fireid.com.