Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 9 Banking and Book keeping Protecting yourself from you.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 9 Banking and Book keeping Protecting yourself from you."— Presentation transcript:

1 Chapter 9 Banking and Book keeping Protecting yourself from you

2 Why bankbook keeping?? Main business of computer industry Transaction Processing systems launched commercial cryptography Must understand to tackle problems of E- commerce Multilateral security aimed at Authenticity rather than confidentiality

3 Origins of Bookkeeping 8500 BC Invented right after agriculture Keep track of stored food Double entry bookkeeping 1300 AD Each transaction in 2 separate books Debit and credit Books should balance at end of day

4 Bank computer systems Very early automators (60’s and 70’s) Nightly Batch processing Applies transactions to ledgers Ledgers must balance Therefore can not “make money” Must take it from somewhere to assure everything balances Installation of new code tightly controlled Clark-Wilson Security Policy Model

5 Separation of Duties Really against human nature Dual control 2 people must act together to authorize transaction Nuclear 2 or more people must turn keys at same time to launch missiles Functional separation 2 or more people act on a transaction at different points in the path Purchase transaction manager makes purchase decision  purchase clerk, writes PO  warehouse records arrival of goods  invoice arrives  accounts clerk matches invoice to PO and warehouse receipt creates check accounts manager signs check.

6 Separation of Duties in OS Spilt signings using digital signatures Put users in separately administered domains Separate controls between sys admin and auditor Logs, rights,…… Tends to be tedious to set-up and people are lax with it, meaning system admins have to much control and often can commit fraud If back-office balancing controls are in place this should catch this fraud, unless these are computerized also…..

7 What goes wrong? 82% is employees Most times controls were ignored Or adjustments to circumvent controls were exploited There will always be risk, manage it

8 Wholesale Payment Systems SWIFT (Society for Worldwide International Financial Telecommunications) Encryption Authentication Nonrepudiation services SWIFT ran for 20 years with out fraud MAC keys now shared using PK Cryptography Digital signatures also used

9 ATMs Block Ciphers Tamper-resistant hardware Supporting protocols

10 ATM Basics Operations on clear pins on tamper resistant hardware Cards and PINs handled by different facilities Terminal master keys supplied to each ATM via 2 printed components PINs can be encrypted locally or on network If locally encrypted PIN sent to ATM If on network centrally PIN encrypted and sent PIN translation done in hardware security module, therefore clear value not available to programmers

11 What goes wrong Processing errors Theft by mail Fraud by bank staff List pages 201 – 202 Fake PIN harvesting machines Enter card and PIN get cigarettes Software glitches Lack of procedures Bottom line most ATM fraud was not sophisticated attacks on machines

12 Discussion articles Article dealing with multiple being involved in fraud to break separation of duties Good current article on successful bank fraud Article on ATM fraud

13 Articles Here is an article about bank fraud: http://www.usdoj.gov/criminal/cybercrime/th omasIndict.htm http://www.usdoj.gov/criminal/cybercrime/th omasIndict.htm Here are some articles on the genetic database in Iceland. http://www.mannvernd.is/frettir/abc.wnt9902 18_iceland.html http://www.mannvernd.is/frettir/abc.wnt9902 18_iceland.html http://www.actionbioscience.org/genomic/hl odan.html http://www.actionbioscience.org/genomic/hl odan.html

14 List of Resources History http://en.wikipedia.org/wiki/Accountancy Double entry http://en.wikipedia.org/wiki/Double- entry_accounting_system http://en.wikipedia.org/wiki/Double- entry_accounting_system Clark-Wilson security model http://www.answers.com/topic/clark-wilson- model http://www.answers.com/topic/clark-wilson- model

15 List of Resources Separation of duties http://szabo.best.vwh.net/separationofduties.html http://szabo.best.vwh.net/separationofduties.html http://hissa.nist.gov/rbac/paper/node6.html SWIFT http://www.swift.com/

16 List of Resources ATM security http://partnernetwork.visa.com/dv/pin/main.j sp http://partnernetwork.visa.com/dv/pin/main.j sp http://partnernetwork.visa.com/dv/pin/pdf/Vi sa_ATM_Eval_Vendor_Quest.pdf http://partnernetwork.visa.com/dv/pin/pdf/Vi sa_ATM_Eval_Vendor_Quest.pdf http://usa.visa.com/business/accepting_visa /ops_risk_management/cisp.html?ep=v_sy m_cisp http://usa.visa.com/business/accepting_visa /ops_risk_management/cisp.html?ep=v_sy m_cisp http://www.atmmarketplace.com/research.ht m?article_id=25310&pavilion=4&step=story http://www.atmmarketplace.com/research.ht m?article_id=25310&pavilion=4&step=story

Download ppt "Chapter 9 Banking and Book keeping Protecting yourself from you."

Similar presentations

Chapter 12 The Revenue Cycle: Sales to Cash Collections Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 12-1.

Chapter 12 The Revenue Cycle: Sales to Cash Collections Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 12-1.
What Are the Functions of ATM Machines?

What Are the Functions of ATM Machines?
The Revenue Cycle: Sales to Cash Collections

The Revenue Cycle: Sales to Cash Collections
Group 3 Maria Fernandez de Castro Sonia Canessa-Gonzalez Andres Suarez

Group 3 Maria Fernandez de Castro Sonia Canessa-Gonzalez Andres Suarez
The Expenditure Cycle: Purchasing to Cash Disbursements

The Expenditure Cycle: Purchasing to Cash Disbursements
C6 - 1 Learning Objectives Power Notes 1.Basic Accounting Systems 2.Internal Control 3.Controls Over Cash 4.Internal Control of Cash Receipts 5.Internal.

C6 - 1 Learning Objectives Power Notes 1.Basic Accounting Systems 2.Internal Control 3.Controls Over Cash 4.Internal Control of Cash Receipts 5.Internal.
A Gift of Fire, 2edChapter 7: Computer Crime1 Computer Crime.

A Gift of Fire, 2edChapter 7: Computer Crime1 Computer Crime.
What is Cloud Accounting? Cloud Server AccountantClient A SOLUTION FOR YOUR BACK-OFFICE Using today’s technology, we can run your accounting and bookkeeping.

What is Cloud Accounting? Cloud Server AccountantClient A SOLUTION FOR YOUR BACK-OFFICE Using today’s technology, we can run your accounting and bookkeeping.
General Ledger Client Write-Up Our General Ledger Write-Up system is a sophisticated program, designed specifically for accounting ad bookkeeping professionals.

General Ledger Client Write-Up Our General Ledger Write-Up system is a sophisticated program, designed specifically for accounting ad bookkeeping professionals.
LOUISIANA GFOA 31 ST ANNUAL FALL CONFERENCE.  Currency  Coin  Checks  Debit Cards  Credit Cards.

LOUISIANA GFOA 31 ST ANNUAL FALL CONFERENCE.  Currency  Coin  Checks  Debit Cards  Credit Cards.
1.7.2.G1 © Family Economics & Financial Education – Revised February 2008 – Financial Institutions Unit – Electronic Banking Funded by a grant from Take.

1.7.2.G1 © Family Economics & Financial Education – Revised February 2008 – Financial Institutions Unit – Electronic Banking Funded by a grant from Take.
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
Understanding Networked Applications: A First Course Chapter 14 by David G. Messerschmitt.

Understanding Networked Applications: A First Course Chapter 14 by David G. Messerschmitt.
Debit Card Plastic card that looks like a credit card

Debit Card Plastic card that looks like a credit card
The most comprehensive Oracle applications & technology content under one roof Procure to Pay Automation Bevan Wright Fusion5 NZ Oracle User Group.

The most comprehensive Oracle applications & technology content under one roof Procure to Pay Automation Bevan Wright Fusion5 NZ Oracle User Group.
Www.winman.com ©2008 TTW Where “Lean” principles are considered common sense and are implemented with a passion! Product Training Credit Cards.

©2008 TTW Where “Lean” principles are considered common sense and are implemented with a passion! Product Training Credit Cards.
Chapter 10  ATM 1 Automatic Teller Machines. Chapter 10  ATM 2 Automatic Teller Machines  “…one of the most influential technological innovations of.

Chapter 10  ATM 1 Automatic Teller Machines. Chapter 10  ATM 2 Automatic Teller Machines  “…one of the most influential technological innovations of.
1.7.2.G1 Electronic/Online Banking & Bill Pay Take Charge of Your Finances.

1.7.2.G1 Electronic/Online Banking & Bill Pay Take Charge of Your Finances.
Sarbanes-Oxley, Internal Control & Cash

Sarbanes-Oxley, Internal Control & Cash
Chapter 12 The Revenue Cycle: Sales to Cash Collections Copyright © 2012 Pearson Education 12-1.

Chapter 12 The Revenue Cycle: Sales to Cash Collections Copyright © 2012 Pearson Education 12-1.

Similar presentations

Ads by Google