
Protecting against man in the middle attacks with dynamic linking

By David Vergara, Senior Director of Product Marketing at OneSpan

In recent years, the booming growth of mobile applications has changed the way we go about our daily lives. We’re using these apps for just about everything imaginable, from shopping to communicating and even managing our finances.

Back in 2018, a survey by Deloitte of over 17,000 consumers reported that 94% of mobile banking users also used online banking at least once a month. Furthermore, a report into the state of UK finance in 2020 found that only 7.7% prefer in-branch visits for their banking, with the vast majority using online or mobile channels. Now, with the global pandemic, consumers who weren’t using digital banking platforms have been forced to adopt them due to social distancing mandates. While this has helped to keep individuals safe, it has also given cybercriminals a larger target to attack.

Cyberattacks have become so sophisticated that users can find themselves falling victim to man-in-the-browser (MitB) or man-in-the-middle (MitM) attacks, and unknowingly installing malware onto their laptops or desktop computers. This has serious consequences for online banking. Fortunately, using a trusted mobile device can offer an additional layer of security and can help defend against sophisticated online threats through app-based transaction data signing.

Man in the middle attacks: What are they?

MitM attacks occur when a cybercriminal is able to intercept communications between a customer’s device and the banking server. They are then able to alter details of transactions without the customer ever noticing it. A normal transaction of 100 pounds could be changed to 1,000 pounds by a malicious actor.

There are several ways to intercept these communications. One example of this is when a banking customer is using a public hotspot. These public Wi-Fi networks are often insecure, so when a user carries out a transaction while connected to public Wi-Fi, they may unknowingly be transferring their financial transaction data through a network controlled by a cybercriminal.

Man in the middle attacks: How to combat them?

In Europe, the Revised Payment Services Directive (PSD2) has pushed banks and financial institutions to evolve both their mobile and online banking experiences, which has helped implement measures to counter MitM attacks.

PSD2 has set out requirements for Strong Customer Authentication (SCA) in addition to dynamic linking, which is also known as transaction data signing. This dynamic linking requirement protects a transaction in three parts. First, it requires that the payer authenticate the transaction data they’ve inputted such as the amount and the payee and confirm that it’s correct. An authentication code is then generated that links to the transaction data, so that any change in transaction details would invalidate the code.

Second, the confidentiality and integrity of the transaction data needs to be protected throughout the authentication process, so a bad actor cannot intercept and alter the details. This ensures the authentication code is generated based on authentic transaction details.

Finally, the customer needs to be aware of the transaction data they are asked to authenticate. This means that the transaction data needs to be presented to the customer at the time of authorization.
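The linking described in the three parts above can be sketched as follows. This is an added illustration, not OneSpan's or Cronto's implementation: the device key, account identifiers and challenge values are constructed, and the HMAC-SHA256 construction with HOTP-style truncation is an assumption chosen to produce a code short enough to type.

```python
import hashlib
import hmac
import struct

# Constructed per-device secret provisioned to the customer's trusted phone (assumption).
DEVICE_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f" * 2)


def canonical(amount_pence: int, currency: str, payee: str, challenge: bytes) -> bytes:
    """Serialise the signed fields with length prefixes so boundaries are unambiguous."""
    fields = [str(amount_pence).encode(), currency.upper().encode(),
              payee.replace(" ", "").upper().encode(), challenge]
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def auth_code(key: bytes, amount_pence: int, currency: str, payee: str,
              challenge: bytes, digits: int = 8) -> str:
    """HMAC-SHA256 over the transaction data, truncated HOTP-style to a typeable code."""
    mac = hmac.new(key, canonical(amount_pence, currency, payee, challenge),
                   hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def bank_verify(key: bytes, order: dict, challenge: bytes, submitted: str) -> bool:
    """Recompute the code over the order the bank actually received; compare in constant time."""
    expected = auth_code(key, order["amount_pence"], order["currency"],
                         order["payee"], challenge)
    return hmac.compare_digest(expected, submitted)


def demo() -> dict:
    challenge = b"constructed-challenge-0001"  # fresh per transaction in practice
    shown = {"amount_pence": 10_000, "currency": "GBP", "payee": "GB00 TEST 0000 0000 0001"}
    # The phone signs exactly what it displayed and the customer approved.
    code = auth_code(DEVICE_KEY, challenge=challenge, **shown)
    tampered = dict(shown, amount_pence=100_000)  # 100 pounds altered to 1,000 pounds
    redirected = dict(shown, payee="GB00 TEST 0000 0000 0999")
    return {
        "code": code,
        "genuine": bank_verify(DEVICE_KEY, shown, challenge, code),
        "amount_altered": bank_verify(DEVICE_KEY, tampered, challenge, code),
        "payee_altered": bank_verify(DEVICE_KEY, redirected, challenge, code),
        "replayed": bank_verify(DEVICE_KEY, shown, b"constructed-challenge-0002", code),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Only the unmodified order verifies; a changed amount, a changed payee, or reuse of the code under a different challenge is rejected by the bank.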

Cronto Technology: putting the theory into practice

Transaction verification, using Cronto technology, is one way banks are ensuring they protect their customers against MitB and MitM attacks.

Cronto secures the communication channel to protect the confidentiality and integrity of the transaction. It then presents the transaction data in plain text so the user can confirm it corresponds with their intended transaction before generating an authentication code based on the transaction’s details. Cronto is available through a mobile app on a trusted second device, and the customer scans the code – which is essentially a color QR-like image.

Only the bank is able to generate this code and it can only be decrypted by the user’s mobile device. This unique approach to transaction verification simplifies the experience because it reduces the user interaction required to authenticate a transaction – customers simply point their phone at the screen to scan the image and enter a response code into the browser. This allows all of the encrypted transaction details to be communicated between the bank and customer without the risk of interception or tampering by hackers.

As a result, banks can offer a quick, user-friendly security solution that protects customers, ensures compliance and ultimately improves the user experience.
