In electronic commerce, online transaction wherein a client logs into his/her bank or financial institutions account via the web-site offered by the financial institution has always fallen prey to hackers and phishers who guess login-id and passwords and perform fraud. The Financial transaction world has tried to avoid this by making passwords more and more complicated, login-id more obscure, images recognition, etc. The hackers and the phishers have always out-smarted them with newer techniques like key logging, transparent proxy-ing, dynamic DNS re-routing, etc.
As electronic commerce expands, so does electronic fraud and identity theft. Because a single factor is sufficient to access a user account or perform a transaction, fraud and identity theft only requires a perpetrator to acquire the single factor knowledge. A consequence of the broad acceptance of single factor authentication is, therefore, broad and pervasive fraud and identity theft. Also, for example, a user accessing his financial account on-line is not sure whether the transaction he as initiate is with genuine financial institution website or with some hacker trying to impersonate the financial institution website. Hence there is a need to address the above mentioned issues.
In light of forgoing discussion, there is a need for mutual authentication between user and a service provider to overcome the limitations stated above.