Today, there is a wide variety of software that allows users to conduct various online transactions. Many transactions are made using online banking services accessible with standard Web browsers. Dedicated banking client applications are also used, which are especially popular on mobile platforms. Other applications related to online transactions include electronic currency systems, such as Bitcoin, or online games that use their own system of micro-transactions, where the user can buy in-game items or in-game currency for real funds, for example, using a bank card.
Not surprisingly, with the growth of online payments, this service segment has attracted the interest of criminals who actively research ways of intercepting such transactions to carry out illegal transfers of funds. Usually, such data are stolen using malicious programs, i.e., malware, that are transferred to user computers by way of infection (e.g., infection vectors can include viruses, Trojans, worms, etc.). Most often, malware programs are transferred to computers through infection of popular web browsers.
The malware can then intercept data entered from input devices (such as a keyboard or a mouse), or intercept data sent to the network. For example, malware infecting browsers gains access to the browser's files, and views the browsing history and saved passwords when web pages are visited. Data input interceptors (or keyloggers) intercept the input of data from a keyboard or a mouse, take screenshots and hide their presence in the system using a number of rootkit technologies. Such technologies are also used in implementing network packet interceptors (traffic sniffers), which intercept the network packets being transferred and extract valuable information from them, such as passwords and other personal data. It should be noted that infection happens most often through vulnerabilities in software, which inadvertently allow various exploits to penetrate the computer system.
Existing antivirus technologies, such as signature-based or heuristic checks, proactive protection methods, or the use of trusted application lists (i.e., whitelists), can detect many malicious programs on user computers. However, these existing technologies are not always able to detect new malware variants, which are deployed with increasing frequency every day. Therefore, solutions are needed to make online transactions safer for users.
There are various solutions aimed at ensuring the safety of online transactions. One approach for countering malicious programs that intercept data input from input devices involves using protected input devices. Examples of such devices include a keyboard that encodes entered data or a virtual (software-based) keyboard that accepts input through a graphical user interface using a different input device such as a mouse or touchscreen. Such solutions have a number of drawbacks: for a keyboard that encodes entered data, interceptors can be used that capture the data before encoding or after decoding, while a virtual keyboard can be compromised by malicious programs that take screenshots at preset time intervals, thereby revealing the keys being pressed.
U.S. Patent Application Publication No. 2006/0136332 discloses the use of a combination of “protected transaction support device plus a program client on a computer” to ensure transaction safety. The client program operates transparently for the user. The protected device contains a set of algorithms ensuring the safety of each known transaction type. However, the application does not address the analysis of the safety of the computer as a whole, i.e. in the presence of unknown malicious programs, data input by the user may be compromised. International Publication No. WO/2005033943 discloses a service for the analysis of the web server of a payment system for vulnerabilities (for example, the presence of open ports). The visitors to the web server (i.e. the service's clients) will be shown information on the detected vulnerabilities, but the subsequent actions must be taken by the users themselves. U.S. Pat. No. 8,024,790 discloses a mechanism for determining that a URL address is important in terms of information input by the user, in order to take further steps to ensure safety; this may be impossible if the address has been compromised (a phishing site) or was not marked by the user as important.
Although each of these approaches addresses one, or some, of the susceptibilities of online transactions, each one leaves certain problems unaddressed. Another challenge has to do with burdening the user's experience with stacked-on protections. In particular, adding individual protections tends to take up computing resources and slow down the process by which the user inputs data and otherwise interacts with the local computer system. Simply enabling multiple different protection mechanisms whenever a user appears to initiate an online transaction risks burdening the user to such an extent that the user may disable the protection software altogether. This paradoxically achieves the exact opposite of the desired objective of ensuring security in these types of transactions. A practical solution is therefore needed.