Today TriCipher extended its strong credential management platform from user and portal identity protection to business process protection with Armored Transactions, the most powerful and user-friendly solution to verify online transactions.
As businesses implement strong online user authentication to comply with domestic and international regulatory guidelines, attacks are evolving from phishing for users' login credentials to stealth man in the browser (MITB) attacks that intercept and modify transactions.
Integrated into TriCipher Armored Credential System (TACS) 4.0, Armored Transactions prevents hackers' MITB attacks from manipulating activities such as electronic funds transfers, bill pay and stock purchases to perpetrate fraud, identity theft, and pump-and-dump attacks.
"Financial institutions and their customers are completely unprotected against attacks that target transactions," said John De Santis, TriCipher's CEO. "Even if financial institutions provide multifactor user authentication such as tokens or smart cards, attackers can initiate or modify any unprotected transaction they want using man in the browser attacks."
TriCipher's recently announced ID Tool ToGo, a portable, affordable strong credential, puts Armored Transactions' protection on a U3 USB smart drive, protecting transactions wherever users do business.
Man in the Browser: The Next Generation of Fraud
Also known as transaction generators, man in the browser (MITB) attacks are a newly discovered type of man in the middle (MITM) attack that waits until users log in to strike, defeating all previous types of user authentication. Hackers modify data sent during a legitimate session, without the user knowing until it's too late; for example, users could unknowingly purchase the wrong stock or transfer a large sum of money directly into a hackers' account.