Abstract With the rise of Internet banking, phishing has become a major problem in online banking systems. Over time, highly evolved phishing attacks, such as active phishing, have emerged as a serious issue. Thus, we suggest two server authentication schemes based on SSL/TLS to protect Internet banking customers from phishing attacks. The first scheme uses the X.509 client certificate, which includes a personal identification message from the customer in order to recognize a genuine banking server. The second scheme, based on the first one, is a modified version of SSL/TLS. We also analyze our schemes using attack scenarios and an analysis table
