Vocabulary Practice: Transaction Authentication

Read the text again and answer the questions with some of the words in bold.

Electronic banking has rapidly developed over the past decade. Regrettably, so have attacks on online banking sessions, becoming more and more refined, cunning and precise.

In the past, electronic banking services relied exclusively on user identity verification. This, however, is no longer a sufficient method of preventing fraudulent transactions, as they can be carried out from computers of legitimate clients who have accessed their online bank accounts upon prior identity verification. Therefore, more sophisticated technologies are necessary to thwart unauthorized e-banking activity.

Transaction authentication is an online security method whereby the user is identified through multi-factor authentication (MFA) at the level of transaction rather than login. Since an e-banking app allows its users to perform multiple transactions within a single session, every transaction has to be authenticated. MFA uses the combination of several elements, i.e. something that the users possesses (e.g. disconnected tokens in mobile phones or connected tokens attached to computers), something that they know (e.g. a password, PIN number or secret question), and something that is specific to them (so-called inherence factors, verified using biometric methods such as fingerprint readers or voice recognition). It is only upon successful provision of all authentication elements that a given transaction is authorized.

Regardless of how powerful the authentication methods, they do not provide full protection against so-called Man-in-the-Browser and Man-in-the-Middle attacks. This can be accomplished through transaction verification, which, in addition to authenticating user identity, verifies the very content of transactions, making sure that they have not been tampered with.