Internet
Fact-checked

At EasyTechJunkie, we're committed to delivering accurate, trustworthy information. Our expert-authored content is rigorously fact-checked and sourced from credible authorities. Discover how we uphold the highest standards in providing you with reliable knowledge.

Learn more...

What Is Transaction Verification?

Dan Cavallari
Dan Cavallari

Transaction verification protects consumers from fraud by ensuring that no change has been made to a monetary transaction as it is being processed. An Internet-based security measure, transaction verification is helpful against Man-in-the-Middle attacks. In these attacks, a cyber criminal creates a fake website that effectively eavesdrops on the communication between a consumer and his bank, retailer, or credit card company. The criminal is thus able to gain the consumer’s personal information and use it. In a Man-in-the-Middle attack, neither the consumer nor the retailer knows that an outside party is spying on the conversation.

One example of a very potent Man-in-the-Middle technology was the Silent Banker malware that infected over 400 bank websites around the world in 2008. In this case, the malware was a rootkit that was implemented before the browser’s virus protection software kicked in. Once the unsuspecting browser entered his authentication information into the bank’s website, the Silent Banker malware activated, changing the destination of the transaction to the criminal’s bank account.

Transaction verification technologies protect consumers from fraud that might be perpetrated by hackers via mobile and computer-based online services.
Transaction verification technologies protect consumers from fraud that might be perpetrated by hackers via mobile and computer-based online services.

Many websites and mobile software programs have implemented out-of-band technology for transaction verification. Supposedly this method works because it takes the consumer outside of the browser in which the criminal would be eavesdropping. The consumer would verify the transaction through a phone call or e-mail. Unfortunately, out-of-band authentication is still susceptible to Man-in-the-Middle attacks, because those attacks use counterfeit websites. Therefore, the consumer would not necessarily see that anything was wrong with the site before providing the authentication. He might actually call the criminal and give him his information by phone.

Banks use various forms of transaction verification in their different technologies.
Banks use various forms of transaction verification in their different technologies.

Other websites have utilized one-time codes for transaction verification. Theoretically, only the consumer would know the code, so when he enters that code into the bank’s website, the bank is assured that the consumer is who he says he is. If the consumer’s operating system has been taken over by a malware program; however, he is not the only person who has access to that code.

While there is no way to completely protect a consumer from online fraud through transaction verification, there are a few tips which can reduce the likelihood that a consumer will fall into a Man-in-the-Middle trap. First, the consumer should beware of any e-mails or text messages that are sent to him from an unknown source. Those communications should be deleted immediately and no links within those e-mails or text messages should be opened. Second, if the website suddenly changes in appearance, be careful about using it. It might be a Man-in-the-Middle’s decoy site. If suspicious activity continues, call the organization that maintains the website. Finally, all computer users should maintain current virus and Spyware protection as well as a firewall to minimize the likelihood that their computer will be attacked successfully.

Discuss this Article

Post your comments
Login:
Forgot password?
Register:
    • Transaction verification technologies protect consumers from fraud that might be perpetrated by hackers via mobile and computer-based online services.
      By: Ammentorp
      Transaction verification technologies protect consumers from fraud that might be perpetrated by hackers via mobile and computer-based online services.
    • Banks use various forms of transaction verification in their different technologies.
      By: Denys Prykhodov
      Banks use various forms of transaction verification in their different technologies.