DocumentCode :
2528320
Title :
Fending financial transaction from phishing attack
Author :
Vijayalekshmi, S. ; Rabara, S. Albert
Author_Institution :
Dept. of Comput. Applic., Anna Univ., Villupuram, India
fYear :
2010
fDate :
17-19 Dec. 2010
Firstpage :
171
Lastpage :
175
Abstract :
Phishing is the criminal activity of enticing people into visiting websites that impersonate the real thing, to dupe them into revealing passwords and other credentials to carry out financial fraud. This less suspected and high-profile attack lays a deceit trap for unwitting and gullible customers to part with their sensitive credentials to unauthorized entities. The inherent suave and subtle vulnerabilities associated with websites, like flawed design, inconsistent software patches, incompatible hardware threats, cross-site scripting, buffer overflow, cookie and session hijacking, etc., exacerbate the possibility of incidence of phishing. There are variants of phishing attack that target the personalized profiles of the online banking community. Online banking (or Internet/Electronic banking) allows customers to conduct financial transactions on a secure website operated by their retail or virtual bank. The financial activities within a bank can fall under three realms: Client to Client (C2C), Client to Bank to Client (C2B2C) and Bank to Bank (B2B). The proposed state-of-the-art solution mechanism is to pre-agree to a session-specific key by name Transaction Enabling Key (TEK) on successful exchange of authentication token and authorization stamp between the client and bank server in the context of C2C or C2B2C. The B2B interaction requires a still more sophisticated technique, viz. submitting the Service Right Certificate (SRC) possessed by each genuine bank website to the other counterparty during the online financial transaction. The submission of a faultless SRC by the corresponding entities ensures the integrity of the website, and henceforth the credibility of the financial transaction is upheld. These two proposed techniques help to alleviate the security apprehensions and trust breaches encountered in the online financial scene.
Keywords :
Web sites; authorisation; bank data processing; client-server systems; computer crime; Web site integrity; authentication token; authorization stamp; client-bank server; criminal activity; financial activities; financial fraud; financial transaction; online banking community; passwords; personalized profiles; phishing attack; service right certificate; transaction enabling key; trust breaches; unauthorized entities; virtual bank; Banking; Business; Electronic mail; Internet; Online banking; Security; Servers; Authentication token; Authorization stamp; Online Banking; Phishing attack; SRC; TEK;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Trendz in Information Sciences & Computing (TISC), 2010
Conference_Location :
Chennai
Print_ISBN :
978-1-4244-9007-3
Type :
conf
DOI :
10.1109/TISC.2010.5714633
Filename :
5714633