Protecting against man in the middle attacks with dynamic linking

By David Vergara, Senior Director of Product Marketing at OneSpan

In recent years, the booming growth of mobile applications has changed the way we go about our daily lives. We’re using these apps for just about everything imaginable, from shopping, to communicating and even managing our finances.

Back in 2018, a survey by Deloitte of over 17,000 consumers reported that 94% of mobile banking users also used online banking at least once a month. Furthermore, a report into the state of UK finance in 2020 found that only 7.7% prefer in-branch visits for their banking, with the vast majority using online or mobile channels. Now, with the global pandemic, consumers who weren’t using digital banking platforms have been forced to adopt them due to social distancing mandates. While this has helped to keep individuals safe, it has also given cybercriminals a larger target to attack.

Cyberattacks have become so sophisticated that users can find themselves falling victim to man-in-the-browser (MitB) or man-in-the-middle (MitM) attacks, and unknowingly installing malware onto their laptops or desktop computers. This has serious consequences for online banking. Fortunately, using a trusted mobile device can offer an additional layer of security and can help defend against sophisticated online threats through app-based transaction data signing.

Man in the middle attacks: What are they?

MitM attacks occur when a cybercriminal is able to intercept communications between a customer’s device and the banking server. They are then able to alter details of transactions without the customer ever noticing it. A normal transaction of 100 pounds could be changed to 1,000 pounds by a malicious actor.

There are several ways to intercept these communications. One example of this is when a banking customer is using a public hotspot. These public Wi-Fi networks are often insecure, so when a user carries out a transaction while connected to public Wi-Fi, they may unknowingly be transferring their financial transaction data through a network controlled by a cybercriminal.

Man in the middle attacks: How to combat them?

In Europe, the Revised Payment Services Directive (PSD2) has pushed banks and financial institutions to evolve both their mobile and online banking experiences, which has helped them implement measures to counter MitM attacks.

PSD2 has set out requirements for Strong Customer Authentication (SCA) in addition to dynamic linking, which is also known as transaction data signing. This dynamic linking requirement protects a transaction in three parts. First, it requires that the payer authenticate the transaction data they’ve inputted, such as the amount and the payee, and confirm that it’s correct. An authentication code is then generated that links to the transaction data, so that any change in transaction details would invalidate the code.

Second, the confidentiality and integrity of the transaction data needs to be protected throughout the authentication process, so a bad actor cannot intercept and alter the details. This ensures the authentication code is generated based on authentic transaction details.

Finally, the customer needs to be aware of the transaction data they are asked to authenticate. This means that the transaction data needs to be presented to the customer at the time of authorization.
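
The link between the authentication code and the transaction data can be illustrated with a keyed MAC. The following is an added example, not code from OneSpan or any bank, and not a method prescribed by PSD2; the per-device key, field names, nonce and 8-digit HMAC-SHA256 truncation are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample values; a real key would be provisioned to the app at enrolment.
DEVICE_KEY = bytes(range(32))
SAMPLE_TXN = {"payee": "GB00EXAMPLE0001", "amount": "100.00",
              "currency": "GBP", "nonce": "7f3a9c21"}
FIELDS = ("payee", "amount", "currency", "nonce")


def canonical(txn: dict) -> bytes:
    """Serialise the fields unambiguously: each value is length-prefixed so
    bytes cannot slide from one field into its neighbour."""
    out = b""
    for name in FIELDS:
        value = str(txn[name]).encode("utf-8")
        out += len(value).to_bytes(2, "big") + value
    return out


def auth_code(key: bytes, txn: dict, digits: int = 8) -> str:
    """Authentication code bound to the payee and amount (HMAC-SHA256, truncated)."""
    mac = hmac.new(key, canonical(txn), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10 ** digits).zfill(digits)


def approval_prompt(txn: dict) -> str:
    """What the trusted device shows the customer before any code is generated."""
    return f"Pay {txn['amount']} {txn['currency']} to {txn['payee']}?"


def bank_accepts(key: bytes, txn_as_received: dict, code: str) -> bool:
    """The bank recomputes the code over the transaction it actually received."""
    return hmac.compare_digest(auth_code(key, txn_as_received), code)


def demo():
    code = auth_code(DEVICE_KEY, SAMPLE_TXN)  # customer approved the prompt
    altered_amount = dict(SAMPLE_TXN, amount="1000.00")  # changed in transit
    altered_payee = dict(SAMPLE_TXN, payee="GB00EXAMPLE9999")
    return (bank_accepts(DEVICE_KEY, SAMPLE_TXN, code),
            bank_accepts(DEVICE_KEY, altered_amount, code),
            bank_accepts(DEVICE_KEY, altered_payee, code))


if __name__ == "__main__":
    print(approval_prompt(SAMPLE_TXN), demo())
```

The code only validates for the exact payee and amount the customer saw and approved; a transaction altered between the customer and the bank produces a different expected code and is rejected.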

Cronto Technology: putting the theory into practice

Transaction verification, using Cronto technology, is one way banks are ensuring they protect their customers against MitB and MitM attacks.

Cronto secures the communication channel to protect the confidentiality and integrity of the transaction. It then presents the transaction data in plain text so the user can confirm it corresponds with their intended transaction before generating an authentication code based on the transaction’s details. Cronto is available through a mobile app on a trusted second device, and the customer scans the code – which is essentially a color QR-like image.

Only the bank is able to generate this code and it can only be decrypted by the user’s mobile device. This unique approach to transaction verification simplifies the experience because it reduces the user interaction required to authenticate a transaction – customers simply point their phone at the screen to scan the image and enter a response code into the browser. This allows all of the encrypted transaction details to be communicated between the bank and customer without the risk of interception or tampering by hackers.

As a result, banks can offer a quick, user-friendly security solution that protects customers, ensures compliance and ultimately improves the user experience.
