A method and apparatus for authenticating transactions accomplished over a data network utilizes a "cookie" containing both static information (user-identifying information) and dynamic information (transaction-based information). The transaction-oriented dynamic information portion comprises a random number and a sequence number, the latter tracking the number of billing transactions conducted by the user associated with the account number. The cookie, sent to the user's cookie file upon a previous transaction, is valid for only a single new transaction. A billing server, upon receiving the cookie containing the static and dynamic information portions, identifies the user from the account number in the static portion and accesses from an associated database the expected random number and sequence number that the billing server last sent to that user in the transaction-oriented dynamic portion. If the expected dynamic portion matches the received dynamic portion, the user is authenticated to proceed with the current transaction.
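The verification and rotation step described above can be sketched as follows. This is an added example, not code from the patent: the `account|random|sequence` cookie layout, the in-memory dictionary standing in for the billing server's database, and the names `BillingServer`, `enroll` and `transact` are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Expected:
    nonce: str  # random number last sent to this user
    seq: int    # count of billing transactions completed so far


class BillingServer:
    def __init__(self):
        self.db = {}  # account number -> Expected (stand-in for the database)

    def _issue(self, account, seq):
        # Store the new dynamic portion and return the cookie carrying it.
        nonce = secrets.token_hex(16)
        self.db[account] = Expected(nonce, seq)
        return f"{account}|{nonce}|{seq}"

    def enroll(self, account):
        return self._issue(account, 0)

    def transact(self, cookie):
        """Return the next single-use cookie if authenticated, else None."""
        try:
            account, nonce, seq = cookie.split("|")
            seq = int(seq)
        except ValueError:
            return None  # malformed cookie
        exp = self.db.get(account)  # static portion identifies the user
        if exp is None:
            return None
        nonce_ok = hmac.compare_digest(nonce.encode(), exp.nonce.encode())
        if not (nonce_ok and seq == exp.seq):
            return None  # stale, replayed or forged dynamic portion
        # Match: the transaction proceeds and the old cookie is retired.
        return self._issue(account, exp.seq + 1)


if __name__ == "__main__":
    server = BillingServer()
    first = server.enroll("ACCT-1001")          # constructed account number
    second = server.transact(first)
    print("first use accepted:", second is not None)
    print("replay of first cookie accepted:", server.transact(first) is not None)
```

Because each accepted cookie is replaced, a copied cookie that is spent by someone else causes the legitimate user's next transaction to fail, which gives the server a signal that the account's cookie was duplicated.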