Two-factor authentication 'not enough'

Businesses need to adopt a multi-layered approach to fraud prevention to combat the increasing number of hackers who are beating the two-factor model, according to a new report.

The study, by IT research firm Gartner, revealed that Trojan-based, 'man-in-the-browser' attacks can get around even strong two-factor authentication that relies on one-time password tokens.

Other strong verification methods such as chip cards and biometric technologies that rely on browser communication can also be defeated by these attacks.

Avivah Litan, a leading analyst and vice-president at Gartner, said that, 'while bank accounts are the main immediate target, these attack methods will migrate to other sectors and applications that contain sensitive valuable information and data'.

She added: 'A layered fraud prevention approach that includes server-based fraud detection and out-of-band transaction verification that precludes call forwarding to illegitimate user phone numbers has been proven to mitigate these threats.'

The organisation highlighted automated fraud detection and the manual review of high-risk transactions as effective methods to combat the increased threat of attack.