2. Electronic Banking & Security Electronic Banking & Security

3. Electronic Banking Electronic Funds Transfer (EFT) is the electronic movement of money that allows electronic banking or e- banking to be accomplished. E-banking allows a person to make withdrawals, deposits, and bill payments by one of the following methods: ◦ Phone ◦ Computer ◦ Automated teller machine (ATM) ◦ Point of sale terminal (POS)

4. Electronic Banking Benefits of e-banking include: ◦ 24 hour access ◦ Fast transactions ◦ Paperless transactions ◦ Convenience ◦ Worldwide access

5. Debit Cards Debit Cards are plastic cards, which look like credit cards, but are electronically connected to a card holder’s depository institution account. ◦ Money is automatically withdrawn from the designated account when a purchase is made. Debit cards can be used when there is not enough money in the account, which will result in a non- sufficient fund fee. For added protection, sign the back of a debit card in the signature box with “see id.” ◦ This will prompt the vendor to match a picture id and name to the individual using the debit card.

6. Personal Identification Numbers Debit cards require the use of PIN (Personal Identification numbers). Personal Identification Number (PIN) is a number that is entered in at an Automated Teller Machine (ATM) or Point of Sale Terminal (POS) This confirms that the individual is authorized to access that particular account.

7. Automated Teller Machines Automated Teller Machines (ATM’s) are electronic computer terminals which offer automated, computerized banking. Transactions allowed may include: ◦ Deposits ◦ Cash withdrawals ◦ Transfers between accounts ◦ Account balance information  Some ATMs may only allow cash withdrawals

8. ATMs continued ATMs can be found at various places ◦ Examples: depository institutions, supermarkets, convenience stores. ATMs are accessed with an ATM or debit card and a PIN. Fees may be charged for ATM use, but will vary depending on the particular depository institution.

9. Point of Sale Terminal Point of Sale Terminal (POS), are located at stores and allows the customer to use a debit card to make a purchase. ◦ A debit card’s magnetic strip is swiped through the POS. ◦ After the required PIN is provided, the transaction is authorized. ◦ If the purchase is under $25.00 a signature may not be required. At participating POS terminals customers may request additional cash back.

10. Direct Deposit ◦ Paychecks and benefit checks are directly deposited into a specified depository institution account. The customer signs an authorization form with his or her employer to authorize the electronic deposit.

11. Direct Payment Direct Payment authorizes bills to be paid by a specific depository institution account. ◦ This can be done for fixed and flexible expenses. Examples include:  Mortgages, vehicle payments, phone bill The customer signs an authorization form to allow the business to deduct funds from the account each billing period. Consumers are responsible for frequently checking their account to ensure that the correct amount was withdrawn.

12. Security problems Network access can be performed through a combination of devices (PC, telephone, interactive TV equipment, card devices with embedded computer chips,...)  Online banking relies on a networked environment.  Connections are completed primarily through telephone lines, cable systems, in some instances even wireless tech.  All these systems improve efficiency, speed and access but also present some privacy and security issues.

13. Security Problems Internet is a public network and open system where the identity of the communicating partners is not easy to define. Communication path is non-physical and may include any number of eavesdropping and active interference possibilities. “Internet communication is much like anonymous postcards, which are answered by anonymous recipients.” Although open for everyone to read, and even write in them, they must carry messages between specific endpoints in a secure and private way.

14. Security Problems Data Alteration Eavesdropping Spoofing PROBLEMS “How can I reassure customers who come to my site that they are doing business with me, not with a fake set up to steal their credit card numbers?” “How can I be certain that my customers’ account number information is not accessible to online eavesdroppers when they enter into a secure transaction on the Web?” “How can I be certain that my personal information is not altered by online eavesdroppers when they enter into a secure transaction on the Web?”

15. What Do We Have to Achieve 14 / 99 Authentication no spoofing Data Integrity no data alteration Non-repudiation no claiming of user action Privacy no eavesdropping

16. How to Achieve It? Cryptography algorithms to provide privacy. Digital Certificates and Digital Signatures for Web servers, to provide authentication. data integrity, and non-repudiation service. Secure Sockets Layer (SSL) uses all these techniques to achieve trusted communication. When URL begins with https it identifies the site as “secure” (meaning that it encrypts or scrambles transmitted information)

17. Electronic Banking Security Encryption or cyphertext ◦ Private key or symmetric ◦ Public key or asymmetric (public key infrastructure, PKI) not only ensures confidentiality but also provides authentication of the sender thus preventing repudiation ◦ SSL, Secure Sockets Layer ◦ HTTPS, Hypertext Transfer Protocol, Secure

18. Electronic Banking Security Digital Signature Uses the asymetric method to perform two functions ◦ Authentication ◦ Integrity public key encryption does not identify the sender. Digital signatures fill this gap. Digital certificates

19. Electronic Banking Integration and Standards Extensible Mark-up Language, XML Some standards groups: ◦ TWIST or Treasury Workstation Integration Standards Team