A Model for Securing E-Banking Authentication Process: Antiphishing Approach

This paper presents the authentication environment defined for securing e-banking applications. The proposed method is part of a Phd Doctoral thesis aimed at defining a model for secure operation of an Internet banking environment, even in the presence of malware on the client side. The authentication model has been designed to be easily applicable with minimum impact to the current Internet banking systems. Its goal is to be resistant to the nowadays too frequent phishing and pharming attacks, and also to more classical ones like social engineering or man-in-the-middle attacks. The key point of this model is the need for multi factor mutual authentication, instead of simply basing the security on the digital certificate of the financial entity, since in many cases users are not able to discern the validity of a certificate, and may not even pay attention to it. By following the rules defined in this proposal, the security level of the Web banking environment will increase and customerspsila trust will be enhanced, thus allowing a more beneficial use of this service.