There are a number of different authentication requirements we might be interested in, at least one for each of the participants in the protocol.
We will focus on the following three:
The merchant is authenticated to the customer. This gives the customer an assurance that the merchant he considers to be the other party in the protocol is indeed the other party.
The merchant authenticates the Cyberbank. This gives the merchant an assurance that the transaction has passed through the Cyberbank and hence that the transaction amount will be transferred.
The Cyberbank authenticates the customer. This gives the Cyberbank an assurance that the transaction really does involve the customer mentioned in the protocol, and hence that a ...