• DocumentCode
    1753917
  • Title

    Secure confirmation of sensitive transaction data in modern Internet banking services

  • Author

    Weigold, Thomas ; Hiltgen, Alain

  • Author_Institution
    IBM Res., Zurich, Switzerland
  • fYear
    2011
  • fDate
    21-23 Feb. 2011
  • Firstpage
    125
  • Lastpage
    132
  • Abstract
    In recent years attacks on Internet banking services have evolved from rather simple credential stealing attacks to advanced content-manipulation attacks by means of malicious software seeded on the client end-devices. This paper presents the risk mitigation approach of secure beneficiary confirmation on a trusted device combined with multi-level whitelist management to selectively authenticate transactions. Furthermore, two real-world implementations offering unique properties with regards to convenience and mobility while maintaining the highest level of security are described, along with practical results gained from deployment to a large user population.
  • Keywords
    Internet; bank data processing; message authentication; risk management; Internet banking services; content-manipulation attacks; credential stealing attacks; malicious software; multilevel whitelist management; risk mitigation approach; secure beneficiary confirmation; secure transaction data confirmation; transaction authentication; Authentication; Browsers; Internet; Servers; Software; Web pages;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Internet Security (WorldCIS), 2011 World Congress on
  • Conference_Location
    London
  • Print_ISBN
    978-1-4244-8879-7
  • Electronic_ISBN
    978-0-9564263-7-6
  • Type

    conf

  • Filename
    5749897
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=1753917