Banks do it all the time, when a critical action has been initiated by the user, the bank will reconfirm it is the owner of the account by sending a passcode or asking the user to re-enter their password.

Why do this? Because it might not be the same user in control of the session. It could be as simple as someone else sitting down at the desktop or something more nefarious like an attack that has stolen the session tokens.

Re-authentication protects the users from account attacks and the online service from “friendly” fraud such as chargebacks.

Why doesn’t every other online service do the same? Because normally it results in too much friction coupled with a high rate of failure. Most online services fear the negative impact it will have on their users.

Fortunately MIRACL trust’s action authentication takes 2 seconds and has a 99.9% success rate, meaning it will have a negligible effect on the user experience and your revenues!

What it does mean is that you can fight friendly fraud in the form of chargebacks with an effective tool to prove who really initiated a deposit/withdrawal, or prove who bet half their wallet on a long shot!

Just re-enter the same PIN you used to log in with.

That was easy (and quick). As you can see your action has been authenticated, the service operator has an immutable & irrefutable proof of your action and you have not been inconvenienced at all!

The digital signature is far more detailed than the simple email signatures used for online document signing. Typically online document signatures prove the owner of a particular email address authorised the document. MIRACL Trust’s signature is unique for every UserID:Device:Service - each permutation has its own unique signature.

This means it is impossible for the user to argue that some unknown attacker from halfway around the world could have misappropriated their username/password and taken the action without their knowledge. The action can be tied to the userID on a specific device for this particular online service.