World Bank Integrator Unit Electronic Security and Payment Systems: Some New Challenges Tom Glaessner Thomas Kellermann Valerie McNevin The World Bank.


1 World Bank Integrator Unit Electronic Security and Payment Systems: Some New Challenges Tom Glaessner Thomas Kellermann Valerie McNevin The World Bank November 2003

2 Organization of Presentation
• Digital Trends in Payments
• Nature of the Threat
• Market Structure and E-Risk in Emerging Economies
• A Four Pillar Approach
• Future Challenges

3 Four Streams of E-Finance
• EBT
• ETC
• EDI
• EFT
# of Global EFT Transactions: 677,411,204

4 I. Digital Trends in Retail Payments
• Increased dependence on Information Technologies
  – The convergence of technologies
  – Leapfrogging opportunities provided by e-finance stimulate growth
  – The growth of wireless in EMG
• New, interoperable technologies dependent on the Internet infrastructure
  – VOIP
  – Satellite and cyber-location
• E-commerce, retail and even micro payments

5 Connectivity: Mobile Phones

6

7 II. The Nature of the Threat
• The threat is not new
• A cyber world allows for crimes of greater magnitude with greater speed
• Lack of incentives for reporting hides true e-security vulnerabilities
• Cyber threats have been rising globally as technologies converge
• Emerging markets are not immune

8 System Access: E-Risk and Fraud
• System Access in a Networked Environment
• Access Tools
  – Hacking software vulnerabilities, viruses, worms, Trojans, Denial of Service (DOS)
• Types of E-Fraud
  – Identity Theft
  – Extortion (reputation)
  – Salami Slice
  – Funds Transfer
  – Electronic Money Laundering

9 III. E-Risk Market Structure in Emerging Economies
• Many emerging markets have concentrated provisioning of hosting services
• Interlinked ownership: Telecom companies, ISPs, e-security service companies, and banks
• No real separate independent e-security industry
• Shortage of human capital in EMG in this area
  – CISOs
  – E-Security providers versus white knights

10 IV. A Four Pillar Approach

11 Pillar 1 Legal framework, Incentives, Liability
• No one owns the internet so how can self-regulation work?
• Basic laws in the e-security area vary a lot across countries as do penalties
• Defining a money transmitter
• How to define a proper service level agreement (SLA)
• Downstream liability
• Issues in certification and standard setting

12 Pillar 3 Certification, Standards, Policies and Processes
• Certification
  – Software and hardware
  – Security vendors
  – E-transactions
• Policies
• Standards
• Procedures

13 Pillar 2 Supervision and External Monitoring
• Technology Supervision and Operational Risk:
  – Retail Payment Networks; Commercial Banks; E-Security Vendors
  – Capital Standards and E-Risk
  – On-Site IT examinations
  – Off-site processes
  – Coordination: between regulatory agencies; between supervisors and law enforcement
• Cyber-Risk Insurance
• Education and Prevention

14 Pillar 4 Layered Electronic Security
• 12 Core Layers of proper e-security
• Part of proper operational risk management
• General axioms in layering e-security
  – Attacks and losses are inevitable
  – Security buys time
  – The network is only as secure as its weakest link

15 Intruder Begins Attack
Exploiting a hole in the internet banking software, SQL insertion is used to run system commands on the database server.
The web server authenticates against the customer database.
The attacker runs a command that opens a remote command shell.

16 Network is completely compromised
The domain passwords are cracked, and access to the administrator’s workstation is now available.
The administrator accesses the mainframe from his desktop, and saves all the passwords for easy access.
A remote desktop is pushed back to attacker.
Now that the firewall security has been bypassed completely, the attacker uses the database server to take over the domain controller.
The attacker can now access the mainframe as if he were sitting at the administrator’s desk.
Hmmm… what else can he access from here?

17 Select Weaknesses
• Passwords
• Over-reliance on encryption
• Patch management
• Rogue HTTP Tunnels
• Outsourcing
• Wireless Security

18 Technical Vulnerabilities of PKI
• Keys can be:
  – Altered by a hacker
  – Captured through video-viewing
  – Broken by parallel processor when of limited length
  – Stolen through manipulation of fake names and IDs
  – Compromised when password and token protection are cracked
• Certificate Authorities can:
  – Have a different definition of “trust”
  – Operate with insecure physical network security
  – Be broken into, and public key files altered

19 GSM Vulnerabilities
• SIM-CARD Vulnerability
• SMS Bombs
• Gateway Vulnerability
• WAP Vulnerability
• Man in the Middle Attack

20

21 V. Challenges Ahead
• Building awareness
• Creating a culture of electronic security as part of business process
• Building e-security considerations into investment planning and RFP design
• Assuring proper development of the four pillars in emerging markets

22 World Bank Integrator Group 2003
For further information: www1.worldbank.org/finance (click on E-security)
tglaessner@worldbank.org

