Online and identity fraud are well known problems. With the proliferation of online banking and e-commerce, there is an increasing risk that a user's online accounts may be accessed for the purpose of fraud. Given the existence of multitudes of viruses, Trojans, and other forms of malware, the web session interface to the user is increasingly becoming a less trusted way to communicate with users. It is becoming more and more important to independently verify that a transaction performed by a user was actually performed by that user and not an imposter.