Title :
Secure confirmation of sensitive transaction data in modern Internet banking services
Author :
Weigold, Thomas ; Hiltgen, Alain
Author_Institution :
IBM Res., Zurich, Switzerland
Abstract :
In recent years, attacks on Internet banking services have evolved from rather simple credential-stealing attacks to advanced content-manipulation attacks by means of malicious software seeded on the client end-devices. This paper presents the risk mitigation approach of secure beneficiary confirmation on a trusted device combined with multi-level whitelist management to selectively authenticate transactions. Furthermore, two real-world implementations offering unique properties with regard to convenience and mobility while maintaining the highest level of security are described, along with practical results gained from deployment to a large user population.
Keywords :
Internet; bank data processing; message authentication; risk management; Internet banking services; content-manipulation attacks; credential stealing attacks; malicious software; multilevel whitelist management; risk mitigation approach; secure beneficiary confirmation; secure transaction data confirmation; transaction authentication; Authentication; Browsers; Internet; Servers; Software; Web pages;
Conference_Title :
Internet Security (WorldCIS), 2011 World Congress on
Conference_Location :
London
Print_ISBN :
978-1-4244-8879-7
Electronic_ISBN :
978-0-9564263-7-6