<p>A method and system (1) for authenticating a secure transaction between a secure transaction host (3) and a transacting user (13) is provided. The method includes receiving an authentication request from the secure transaction host (3) at an authentication server (7) and, upon receipt of the request, establishing a USSD session with the mobile phone (19) of the transacting user (13) via a network provider (9). Details of the transaction are then passed to the user's mobile phone (19) by means of USSD messages, and the user (13) is requested to confirm or deny, also by means of USSD, that they intend to perform the secure transaction. The transaction is authenticated by the authentication service provider (7) only if the user confirms it. The user may also be requested to enter a personal identification number and transmit it to the authentication service provider via USSD.</p>
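<p>The confirm/deny exchange described above can be modelled as a small server-side state machine that fails closed. This is an added example, not code from the patent: the class and function names are hypothetical, the USSD transport is abstracted to plain strings, and the salted PBKDF2 PIN check is an assumption about how the server would store and compare the PIN.</p>

```python
import hashlib
import hmac
from enum import Enum

class State(Enum):
    AWAIT_CONFIRM = 1
    AWAIT_PIN = 2
    AUTHENTICATED = 3
    DENIED = 4

def hash_pin(pin, salt):
    # Assumption: the server stores only a salted PBKDF2 hash of the PIN.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class AuthSession:
    """One USSD session opened by the authentication server for one request."""
    def __init__(self, msisdn, details, pin_hash=None, salt=b""):
        self.msisdn, self.details = msisdn, details
        self.pin_hash, self.salt = pin_hash, salt
        self.state = State.AWAIT_CONFIRM

    def prompt(self):
        # Text the server pushes to the handset over USSD for the current step.
        if self.state is State.AWAIT_CONFIRM:
            return f"{self.details}\n1. Confirm\n2. Deny"
        if self.state is State.AWAIT_PIN:
            return "Enter PIN"
        return "Session closed"

    def reply(self, text):
        # Fail closed: only an explicit "1" (plus a correct PIN when one is
        # enrolled) authenticates; any other input denies the transaction.
        if self.state is State.AWAIT_CONFIRM:
            if text.strip() == "1":
                self.state = State.AWAIT_PIN if self.pin_hash else State.AUTHENTICATED
            else:
                self.state = State.DENIED
        elif self.state is State.AWAIT_PIN:
            ok = hmac.compare_digest(hash_pin(text.strip(), self.salt), self.pin_hash)
            self.state = State.AUTHENTICATED if ok else State.DENIED
        return self.state

def authenticate(session, replies):
    """Feed the user's USSD replies to the session; True only on confirmation.
    A session that ends early (dropped or timed out) is never authenticated."""
    for r in replies:
        session.prompt()
        if session.reply(r) in (State.AUTHENTICATED, State.DENIED):
            break
    return session.state is State.AUTHENTICATED
```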