Transaction Verification
The recent man-in-the-browser attacks on banks and their customers all over the world caught the online industry
exposed and totally by surprise. These sophisticated attacks often occur after the customer has gone through two-stage
authentication, and they alter the customer's original intention in a way that could not be detected before the
introduction of IDentiWall.
Attacks of this type piggyback on the customer's original transaction, such as transferring money from their account
to another account; in fact, any transaction that touches money is exposed to attacks of this type. The malware is then
in a position to change the amount to be transferred and the target account for that transfer without showing any of its
alterations on the screen. It does this right after the customer hits the Send key and before the
transaction is encrypted by SSL.
For more sophisticated banking systems that reply to the customer with a screen on which the requested transaction is
detailed and ask for confirmation, the malware again changes the details so that they reflect the original intention of the
customer.
Right after the customer confirms the data that they see, which complies with their original intention, the malware
tampers with it again to match the original tampering, making a mockery of
the security confirmation process.
IDentiWall's out-of-the-box, built-in Transaction Verification facility is the first effective countermeasure to
man-in-the-browser attacks. Not only does it fight the attack, it also notifies customers whenever they have been
attacked.
No wonder IDentiWall got such a warm welcome from banks and commercial web sites!