Home banking, webmail via HTTPS, e-commerce websites … and so on!
Authentication is really important, and your browser tells you when you’re surfing over a secure connection and when you’re not.
Fraudsters are beating strong two-factor authentication and are proving that any authentication method that relies on browser communications can be defeated. A layered fraud prevention approach can thwart these attacks.
Criminals are successfully launching man-in-the-browser attacks that circumvent strong two-factor and other authentication that communicates through the user’s browser. The fraudsters are also successfully having telecommunication carriers forward phone calls used to authenticate users and/or transactions to the fraudster’s phone instead of the legitimate user’s phone. These attacks were successfully and repeatedly executed against many banks and their customers across the globe in 2009. While bank accounts are the main immediate targets, these attack methods will migrate to other sectors and applications that contain sensitive, valuable information and data within the next three years.
A layered fraud prevention approach that includes server-based fraud detection and out-of-band transaction verification that precludes call forwarding to illegitimate user phone numbers can and has mitigated these threats.
Read the full article here: Where Strong Authentication Fails and What You Can Do About It