Published by Marvin Arnold. Modified over 8 years ago.

E-FINANCE
CHAPTER 7
SECURITY

E-finance Log into the future, 2nd Edition, Thousand Oaks, London
Internet Banking and Its potential in TRNC, Zakaria Jado Zakario, Assoc. Prof. Dr. Hatice Jenkins, TRNC

E-FINANCE SECURITY

In this chapter we will discuss an important issue concerning e-finance: security. First we will provide an introductory motivation, and then we will show where security risks arise.

Motivation

E-finance uses the internet, which is a public network of computers that allows data to flow between users.
Data is transferred between the financial institution and its customers.
Hackers operating via the internet could access and use confidential customer information.
They can run viruses that collapse the bank's database.
They can cause loss of data, theft of customer information, the disabling of a significant portion of the bank's internal computer system, the stopping of operations, and increased repair costs.

For example, a hacking incident at Citibank in 1997 resulted in a loss of $10 million. Another hacking incident cost several British banks 400 million pounds in total, which is similar to a bank robbery.

Places to Keep Safe

Security in internet banking covers both the computer and the communication medium. The aim of communication security is to protect data during transmission between computers on the network. If attackers decide to attack at any point between the bank and the user, they will naturally be interested in spying on the data flowing between the two, hoping to understand and capture personal information and use it without the permission of its original owner. The communication medium is secure; with the introduction of new technologies such as SSL, it has become very difficult to attack.

Security Problems and Standards

We will examine the main problems of internet banking systems from the security point of view. Skundric (2003) argues that internet banks are faced with three main problems:

1-Spoofing: How can the bank make sure that customers who come to its site are doing business with the bank, and not with someone trying to steal the customers' credit card numbers?
2-Eavesdropping: How can the bank be certain that its customers' account information is not accessible to online eavesdroppers when they enter into a secure transaction on the web?
3-Data alteration: How can the bank be sure that its customers' personal information is not altered by online eavesdroppers when they enter into a secure transaction on the web?

To avoid those problems, system administrators have created a set of tasks that should be treated as standards for any well-protected internet banking system. As shown by the Indian internet banking report, the security administrator is concerned with the following tasks:

Authentication: The process of verifying the claimed identity of an individual user, machine, software component or any other entity. Its purpose is to verify the source from which the data is received.
Data Confidentiality: The concept of protecting data from unauthorized disclosure. Because of the open nature of the internet, all data transferred can be monitored or read by others unless it is protected.
Data Integrity: This ensures that data cannot be modified in an unexpected way. Data held should be correct and accurate; failing to assure integrity would make the data useless and dangerous. Loss of data integrity could result from human error or from catastrophic events, e.g. the "I love you" virus.
Non-Repudiation: This means protecting the sender against false denial by the recipient, or protecting the recipient against false denial by the sender. It is done by creating proof of the origin or delivery of data, to protect both the bank and the user.

Internet Banking System Attacks

The security problems mentioned previously are created by different types of attacks. As the internet is open to everyone and available at any time, an attack could happen at any time from anywhere. There are many types of attacks, but they all have one purpose. Here are some kinds mentioned by the Office of the Comptroller of the Currency:

1-Social Engineering: The attacker calls the bank's help desk posing as an authorized user in order to obtain that user's personal information, including passwords.
2-Guessing Passwords: The attacker uses software that can test all possible combinations of characters to find a particular password and then gain entry to the user's account.
3-Sniffers: Sniffer attackers use special software, which can be placed on the bank's system or on the user's PC, to capture clients' IDs and passwords. These can then be used to enter real accounts and transfer funds.
4-Brute Force: When customers try to log into their accounts, they must enter their user name and password, which are sent in the form of a message to the bank to be matched against the original. As those messages are sent, hackers can use software that captures them and breaks them open to obtain the information inside.
5-Trojan Horse: A small program that looks like an integrated part of the system while it is not. Once it enters the system, it allows the attacker to gain access without being disclosed.

Internet Banking and Security Solution

There are many security solutions available to implementers. Here are some of them:

1-Authentication Techniques: Authentication is a process to verify the claimed identity. There are different techniques available for authentication.
Passwords are the most extensively used method; all financial institutions use a password attached to the PIN or the user name for authentication.
Token technology and smart cards use a separate physical device, held by the customer, to verify the customer's identity. A token is a small hand-held card or calculator used to generate passwords. The device is logically attached to the security software and allows the user to generate a new password with each login.
Biometrics involves the identification and verification of an individual based on physical characteristics, such as fingerprint analysis or hand geometry. This technology is advancing rapidly and offers a strong authentication technique.
2-Firewalls: A firewall is a combination of hardware and software placed between two networks to check all the traffic between them. In other words, a firewall acts like a gate that prevents unauthorized users from entering the bank's system and carrying out unauthorized actions.
3-Secure Socket Layer (SSL): The secure socket layer technique is one of the most widely used security protocols on the internet today. It changes the language of the messages transferred (that is, it encrypts them) so that they are difficult for other users to understand.

What Can Banks Do?

Now we will examine some security hints to be followed by banks:

1-Penetration Testing: This aims to put the system under pressure and expose it to different cracking scenarios to see how it responds. This includes guessing passwords using password-cracking tools, searching for system holes (weak points), and overloading the system with massive amounts of messages. Penetration may also be tested by inviting expert crackers.
2-Keeping backup and recovery records: Banks should have a proper infrastructure and schedules for keeping backup data. If data is lost for any reason, the backups can be used to restore the original data as if nothing had happened.
3-Security Logs: All computer accesses, including messages received, should be logged. All security violations should be reported and logged together with the actions taken. Administrators can go back to these logs and use them to track attacks and to help disclose the origin of further attacks when they occur.
4-Physical Access Controls: It is a vital part of a security plan to restrict the physical entry of unauthorized users so that they cannot use the internal system and its resources. Banks can use video cameras, control visitors' access, and install motion detectors and other tools.
5-Education and Review: Banks should review their security infrastructure and security policies regularly. The human experts operating the system should also update and renew their expertise and respond to changing technologies.
6-Certified Products: The bank should only use security solutions, such as software, that are certified and guaranteed by their manufacturers.
7-Customers' Education: Finally, it is the bank's responsibility to educate its customers on the ways of protecting their transactions. Banks may use online support, frequently asked questions and other means to deliver proper protection guidance to their customers.

What Can Customers Do?

Conducting a secure transaction is the responsibility of both the bank and the customers. While banks invest in the necessary equipment to protect their transactions, customers should be aware of the danger of being trapped by hackers' tricks. Here are some suggestions on the customers' role in protecting their transactions.

Clients should be sure that they are connected to their bank's web site, not a similar one.
Clients should also be sure that they are connected through a secure connection, so that data sent and received is encrypted. Once the client opens the bank's web site, the browser will display a small icon on the user's screen that looks like a lock or a key.
Another tip is to avoid sending any sensitive information, such as a password or a user name, using unsecured email.
A password should be unique and should be changed regularly. Users should beware of standard passwords such as birth names, relatives' names, numbers, or other passwords that might be easy for others to guess.
Users should protect their personal computers using virus protection.
Finally, customers should not hesitate to inquire about any issues that come to mind. It is the responsibility of the bank to keep the door open for its users at all times.
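
Going back to the security logs in item 3 of "What Can Banks Do?", here is an added example, not part of the original slides, of reviewing a login log for the password-guessing attack described earlier. The log format, event names, threshold and sample lines are all constructed for this illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (format and values are assumptions for this example).
SAMPLE_LOG = """\
2024-03-01T09:00:01 LOGIN_FAIL user=alice src=198.51.100.7
2024-03-01T09:00:03 LOGIN_FAIL user=alice src=198.51.100.7
2024-03-01T09:00:04 LOGIN_OK user=bob src=192.0.2.10
2024-03-01T09:00:05 LOGIN_FAIL user=alice src=198.51.100.7
2024-03-01T09:00:08 LOGIN_FAIL user=alice src=198.51.100.7
2024-03-01T09:00:09 LOGIN_FAIL user=alice src=198.51.100.7
2024-03-01T09:00:12 LOGIN_OK user=alice src=198.51.100.7
2024-03-01T09:30:00 LOGIN_FAIL user=carol src=192.0.2.44
2024-03-01T11:45:00 LOGIN_FAIL user=carol src=192.0.2.44
2024-03-01T11:45:20 LOGIN_OK user=carol src=192.0.2.44
"""

def parse(line):
    """Split one log line into (timestamp, event, fields)."""
    stamp, event, *pairs = line.split()
    return datetime.fromisoformat(stamp), event, dict(p.split("=", 1) for p in pairs)

def detect_guessing(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return alerts for accounts with >= threshold failures inside the window."""
    recent = defaultdict(deque)      # user -> timestamps of recent failures
    flagged = set()                  # users with a guessing burst in progress
    alerts = []
    for line in filter(str.strip, log_text.splitlines()):
        when, event, f = parse(line)
        user, fails = f["user"], recent[f["user"]]
        while fails and when - fails[0] > window:
            fails.popleft()          # forget failures older than the window
        if not fails:
            flagged.discard(user)    # the burst has aged out
        if event == "LOGIN_FAIL":
            fails.append(when)
            if len(fails) >= threshold and user not in flagged:
                flagged.add(user)
                alerts.append(("GUESSING", user, f["src"]))
        elif event == "LOGIN_OK":
            if user in flagged:      # a success right after a burst may mean the guess worked
                alerts.append(("SUCCESS_AFTER_GUESSING", user, f["src"]))
            fails.clear()
            flagged.discard(user)
    return alerts

if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_LOG):
        print(alert)
```

The second alert type is the one that most needs follow-up: the account may already be in the attacker's hands, so the logged source address is where tracing the origin starts.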