Nowadays, Online banking security mechanisms focus on safe authentication mechanisms, but all these mechanisms are rendered useless if we are unable to ensure the integrity of the transactions made. Of late a new threat has emerged known as Man In The Browser attack, its capable of modifying a transaction in real time without the users notice, after the user has successfully logged in using safe authentication mechanisms. In this paper we analyze the Man In the Browser attack and propose a solution based upon Digitally signing a transaction and using the mobile phones as a software token for Digital Signature code generation.

1. Protecting Online Customers from Man-in the-Browser and Man-in-the-Middle Attacks, Whitepaper by ARCOT
2. Two Factor Authentication Using Mobile Phones Fadi Aloul, Syed Zahidi And Wassim El-Hajj.
3. Implementation of OTP Two Factor Authentication System From Visolve For Banks, Whitepaper.
4. nisr-wp-phishing.pdf, The Phishing guide NGS Ltd.
5. Online_Banking_Fraud_Prevention_WP_US_4301.pdf, Whitepaper by ACI
6. An introduction to cryptography and digital signature by Ian Curry.
7. Descriptions of SHA-256, SHA-384, and SHA-512, sha 256-384-512 pdf.
8. RSAEncryption,http://www.geometer.org/mathcircles/RSA .pdf
9. Web based Digital Signature Verification solution by Maestro
10. How to increase the Online banking users confidence by Mr.Gilbert

Online Transactions Man In Browser Attack Digital Signature Mobile Phones as Software Token