Samiksha Jaiswal (Editor)

Transaction authentication


Transaction authentication generally refers to the Internet-based security method of securely identifying a user through two-factor or three-factor authentication at the transaction level, rather than at the traditional session or logon level. It involves identifying legitimacy through a verification process. Transaction authentication is augmented with data that provides uniqueness and timeliness through a combination of message authentication and entity authentication.

An Internet banking application may allow a customer to perform numerous transactions within a single session; hence each transaction, or selected transactions, will require the user to re-authenticate using the appropriate two- or three-factor authentication method. Authentication, no matter how strong the method(s) used, cannot protect against so-called Man-in-the-Middle (MitM) or Man-in-the-Browser (MitB) attacks. This differs from transaction verification, also an Internet-based security method, which is specifically designed to combat MitM and MitB attacks by not only authenticating the identity of the user but also verifying the integrity of the actual content of the transaction, that is, ensuring it has not been altered by one of these fraudulent techniques.
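An added example (not part of the original article) of the distinction drawn above: a code that proves only key possession, uniqueness (nonce) and timeliness (timestamp) is still accepted when the transaction content changed after the user approved it, while a code that also covers the content is rejected. HMAC-SHA256, the `Server` class, the field names, the 120-second window and all sample values are assumptions chosen for illustration.

```python
import hashlib
import hmac
import json

MAX_AGE = 120  # seconds a code stays fresh (assumed policy)

def user_code(key, nonce, ts, txn=None):
    """Code computed on the user's device. Without txn it proves key
    possession for this nonce and time only; with txn it also covers the
    transaction content the user approved."""
    msg = nonce + ts.to_bytes(8, "big")
    if txn is not None:
        canon = json.dumps(txn, sort_keys=True, separators=(",", ":"))
        msg += hashlib.sha256(canon.encode()).digest()
    return hmac.new(key, msg, hashlib.sha256).digest()

class Server:
    def __init__(self, key, bind_content):
        self.key, self.bind_content = key, bind_content
        self.seen = set()  # nonces already accepted (uniqueness)

    def accept(self, received_txn, nonce, ts, code, now):
        if nonce in self.seen or not 0 <= now - ts <= MAX_AGE:
            return False  # replayed or stale
        txn = received_txn if self.bind_content else None
        if not hmac.compare_digest(user_code(self.key, nonce, ts, txn), code):
            return False  # wrong key, or content differs from what was approved
        self.seen.add(nonce)
        return True

def demo():
    key = b"constructed-demo-key"  # constructed sample value
    approved = {"from": "ACC-1", "to": "ACC-2", "amount": "100.00"}
    altered = dict(approved, to="ACC-9")  # constructed: payee changed in transit
    now = 1_700_000_000
    out = {}
    for mode, bind in (("authentication_only", False), ("content_bound", True)):
        srv = Server(key, bind)
        sign = lambda n, t: user_code(key, n, t, approved if bind else None)
        out[mode] = {
            "altered": srv.accept(altered, b"n1", now, sign(b"n1", now), now + 5),
            "genuine": srv.accept(approved, b"n2", now, sign(b"n2", now), now + 5),
            "replay": srv.accept(approved, b"n2", now, sign(b"n2", now), now + 6),
            "stale": srv.accept(approved, b"n3", now, sign(b"n3", now), now + MAX_AGE + 1),
        }
    return out

if __name__ == "__main__":
    print(demo())
```

In both modes the replayed and stale codes are refused; only the content-bound mode refuses the altered transaction.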

References

Transaction authentication Wikipedia