Protect your online business against identity theft

Identity theft is big business. Online transactions are vulnerable to phishing, man-in-the-browser and other ingenious attacks. Here are some known examples:

Man-in-the-browser – A "Trojan horse" changes the contents of the form that the customer submits to the bank website. The change is not noticeable in the form itself. It takes place only in computer memory. It takes place before SSL encoding.

Man in the Middle - Rogue software is put in place at some point between the customer computer and the bank web sites and intercepts all the information transmitted between the customer and the bank.

Key Logging – Software implanted in the customer's computer that records all the keystrokes of the customer, providing a complete record of user IDs, passwords, pin codes, account numbers and transactions. Sometimes this is integrated with additional rogue software, and usually it sends the information it has collected to the hacker.

Session Hijacking – The session is hijacked by unauthorized use of the cookies deposited by the banking site.

Pharming – Pharming is diversion of traffic from a legitimate site to a rogue web site.

Phishing – Customer identity details are stolen. Typically, this is carried out in a place and context removed from the bank web site, such as a fraudulent e-mail asking for information.

Site Cloaking – Cloaking fools search engines by disguising one web site as another.

Cross-Site Scripting – A script is injected to one web site or web log, but it is operated at a different web site.

OS command injection – Injection of operating system commands to be carried out at the web site.

SQL Injection – Injection of SQL queries to be executed at the web site.

Cookie tampering – Information in the cookie is changed to allow an attack.

Form Tampering (read-only and hidden fields) – Changes are made in hidden or read-only fields in the HTML form.

Outbound Data Theft – Data sent from the web site are intercepted for use in attacks. For example, that may include data about the software installed at the site, version number etc.

Application Denial of Service - Numerous types of attacks make use of the possibility of entering rogue information in input fields.

Identiwall provides an ingenious, inexpensive, easy to install, easy to use and highly secure system for multi-factor authentication and confirmation of online transactions. Click here to learn more about Secure online financial transactions