TriCipher Armored Transactions™
As online businesses implement strong user authentication to comply with regulatory guidelines (FFIEC, SEPA), attacks are evolving from phishing, which tries to steal the user's login credentials, to Man in the Browser (MITB) attacks, which intercept and modify the transaction after the user has logged into the website. Also known as transaction generators, MITB attacks are a recently identified variant of the Man in the Middle (MITM) attack that waits until the user has logged in before striking. Because it acts inside the browser after authentication has completed, it defeats every form of login-time authentication, including OTP tokens, smart cards and biometrics: the session is genuine, but the transactions sent over it are not what the user intended. To prevent this class of attack, online businesses must authenticate each high-value transaction itself as it is submitted, not just the session it is submitted in.
"Man in the Middle attacks can modify customer-generated transactions or generate new transactions; phishing/pharming directs a customer to a bogus server that completes the connection to the bank's server. The man 'in the middle' might actually be in the customer's PC: Trojan software can create a hidden browser session and generate transactions on the back of a legitimate strongly authenticated session - a 'Man in the Browser' attack."
Avivah Litan and Ant Allan
Transaction Verification Complements Fraud Detection and Stronger Authentication
September 2006
The existing options for transaction verification, such as manual phone calls, out-of-band one-time passwords (SMS or email) or dedicated hardware input devices, have failed to be adopted widely because they are difficult to use and deploy, require dedicated hardware, or simply cost too much to make business sense.
TriCipher Armored Transactions is the first transaction authentication solution that is low-cost and user-friendly enough to be widely adopted for consumer and business transactions, while at the same time preventing Man in the Browser attacks. It works by displaying the details of each transaction, which the user then verifies. The user's experience is as simple as entering a password and clicking a mouse; behind the scenes, TriCipher's patented PKI-based technology digitally signs the verified transaction details over a separate secure connection, producing a signed record that the user authorized exactly that transaction. The point of the separate connection is that the details the user sees and signs do not pass through the browser session the attacker controls, so a transaction that the MITB has altered in the browser will not match what the user signed and can be rejected.
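The following is an added illustration of the check described above, not TriCipher's own code or protocol. It models the three parties: the browser session (which the MITB can tamper with), a separate signing channel that shows the user a canonical summary of the transaction and signs it, and the server, which accepts a transaction only if the signature verifies and the submitted transaction is byte-for-byte the one the user signed. The RSA key built from two small Mersenne primes is a constructed toy stand-in for a real PKI key, used only to keep the example dependency-free; the transaction fields and the `mitb_tamper` step are constructed sample data.

```python
import hashlib

# Toy RSA key (constructed, NOT secure): stands in for the user's real PKI signing key.
P = 2**31 - 1                      # Mersenne prime
Q = 2**61 - 1                      # Mersenne prime
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # gcd(E, phi) == 1 for these primes


def canonical_summary(tx: dict) -> str:
    """The exact text shown to the user over the separate channel and then signed.

    Everything an attacker could profit from changing (payee, account, amount,
    currency) plus a per-transaction reference that prevents replay is included.
    """
    return (f"Pay {tx['amount']:.2f} {tx['currency']} to {tx['payee']} "
            f"(account {tx['account']}) ref {tx['reference']}")


def _digest_int(summary: str, n: int) -> int:
    # Hash the summary and reduce into the toy modulus; a real scheme uses a
    # padding scheme such as RSA-PSS over the full digest.
    return int.from_bytes(hashlib.sha256(summary.encode()).digest(), "big") % n


def sign_summary(summary: str, d: int = D, n: int = N) -> int:
    """Signing component (outside the browser) signs what the user confirmed."""
    return pow(_digest_int(summary, n), d, n)


def verify_signature(summary: str, sig: int, e: int = E, n: int = N) -> bool:
    return pow(sig, e, n) == _digest_int(summary, n)


def server_accepts(submitted_tx: dict, signed_summary: str, sig: int) -> tuple:
    """Server-side transaction authentication.

    1. The signature must verify over the summary the user saw.
    2. The transaction the browser actually submitted must canonicalize to that
       same summary; otherwise something altered it after the user confirmed.
    """
    if not verify_signature(signed_summary, sig):
        return (False, "signature does not verify")
    if canonical_summary(submitted_tx) != signed_summary:
        return (False, "submitted transaction does not match what the user signed")
    return (True, "ok")


def mitb_tamper(tx: dict) -> dict:
    """Constructed attacker step: rewrite payee and amount inside the browser."""
    evil = dict(tx)
    evil["payee"] = "Mule Holdings"
    evil["account"] = "DE00 9999 9999 9999"
    evil["amount"] = 4950.00
    return evil


def run_scenario() -> dict:
    """Honest flow versus a browser-resident attacker; returns both verdicts."""
    tx = {"payee": "Acme Utilities", "account": "DE00 1234 5678 9012",
          "amount": 120.50, "currency": "EUR", "reference": "INV-2006-0917"}

    # Separate secure channel: user sees the canonical summary and confirms it.
    shown = canonical_summary(tx)
    sig = sign_summary(shown)

    honest = server_accepts(tx, shown, sig)
    # MITB changes the transaction in the browser session after confirmation.
    attacked = server_accepts(mitb_tamper(tx), shown, sig)
    return {"honest": honest, "attacked": attacked}


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name}: accepted={verdict[0]} ({verdict[1]})")
```

The summary is deliberately a human-readable string rather than the raw form fields: the user is asked to verify exactly the bytes that get signed, so a mismatch between display and signature cannot be introduced by the browser. Note that the check is only as good as the independence of the display channel; if the summary itself were rendered by the compromised browser, the attacker could show the original details while submitting the altered ones.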