Secure confirmation of sensitive transaction data in modern internet banking services

In recent years attacks on Internet banking services have evolved from rather simple credential stealing attacks to advanced content-manipulation attacks by means of malicious software seeded on the client end-devices. This paper presents the risk mitigation approach of secure beneficiary confirmation on a trusted device combined with multi-level whitelist management to selectively authenticate transactions. Furthermore, two real-world implementations offering unique properties with regards to convenience and mobility while maintaining the highest level of security are described, along with practical results gained from deployment to a large user population. © 2011 WorldCIS.