Securing Online Banking Services in an Insecure Environment
ajer research
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
Abstract: This research, Securing Online Banking Services in an Insecure Environment sought to address security problems resulting from account credentials theft and all other forms of malicious activities surrounding online banking transactions. A new system implemented using JavaScript for securing online banking transaction has been provided in this research with the aim of increasing security over the existing models. The new system enables the customers and banks to authenticate each other and sign processed transactions online. From the results, the new framework also solves the issues of authentication, confidentiality, integrity and non-repudiation, using an integrated three-tier, trusted and secure channel. In addition to the creation of a secure channel between client’s computers and the bank’s server, a secure algorithm, challenge-Respond security algorithm that would be suitable for clients’ side security (web browser) was implemented. Thus, the secure three-tier transaction model was recommended for banking services as it was found to be suitable for building client trusts.
Related papers
Security in Online Banking Services – A Comparative Study
International Journal of Innovative Research in Science, Engineering and Technology, 2014
Today's world is one with increasing use of online access to services. One part of this which is growing hurriedly is Internet Banking. To provide customers with safe, consistent,robust online environment to do online banking the banks should implement "best of breed" technologies to authenticate customers identities when they log in, to guarantee that their data is transmitted securely and consistently Bank should have best backup and contingency strategies and should formulate best security plans and practices. This paper tries to explore several of Technologies and Security Standards the different researchers have recommended to banks for safe internet banking and comparison of number of security systems based on the recommendations given by these authors for secure online banking.
Client Authorization and Secure Communication in Online Bank Transactions
Network security is the condition of being protected against danger or loss. In the general sense, security is a concept similar to safety. This safety plays a vital role in bank transactions where disclosure of any data results in huge loss. In this paper, Various security threats are illustrated using a tree structure being root nodes as the threats and leaf nodes to achieve those threats and probable measures to overcome the same has been described. security of online bank transactions have been improved by increasing the number of bits used in establishing the SSL connection as well as in RSA asymmetric key encryption along with SHA1 used for digital signature to authenticate the client. Analysis and the results obtained will prove the improved security in proposed method.
Internet Banking System & Security Analysis.pdf
School of computing science and engineering Galgotias university Abstract:
A Survey of Authentication and Communications Security in Online Banking
ACM Computing Surveys, 2017
A survey was conducted to provide a state of the art of online banking authentication and communications security implementations. Between global regions the applied (single or multifactor) authentication schemes differ greatly, as well as the security of SSL/TLS implementations. Three phases for online banking development are identified. It is predicted that mobile banking will enter a third phase, characterized by the use of standard web technologies to develop mobile banking applications for different platforms. This has the potential to make mobile banking a target for attacks in a similar manner that home banking currently is.
A Model for Securing E-Banking Authentication Process: Antiphishing Approach
2008 IEEE Congress on Services - Part I, 2008
This paper presents the authentication environment defined for securing E-Banking applications. The proposed method is part of a Phd Doctoral thesis aimed at defining a model for secure operation of an Internet Banking environment, even in the presence of malware on the client side. The authentication model has been designed to be easily applicable with minimum impact to the current Internet banking systems. Its goal is to be resistant to the nowadays too frequent phishing and pharming attacks, and also to more classical ones like social engineering or man-in-the-middle attacks. The key point of this model is the need for multifactor mutual authentication, instead of simply basing the security on the digital certificate of the financial entity, since in many cases users are not able to discern the validity of a certificate, and may not even pay attention to it. By following the rules defined in this proposal, the security level of the Web Banking environment will increase and customers' trust will be enhanced, thus allowing a more beneficial use of this service.
Internet Banking System & Security Analysis
International Journal of Engineering and Computer Science, 2017
Internet banking or E-banking has attracted the attention of banks, securities, insurance companies in developing nations since the late 1990s and the rapid and significant growth in electronic sectors and commerce it's obvious that electronic (online internet) banking and payments are likely to advance or rapidly increased. Introduction:-Major Challenges For E-Banking In India:-E-Banking in India is its emerging state of development. Most of them are basic services only the deregulation of e-banking industry coupled with the emergence of new banking technology is enabling new competitors to enter the financial services to enter the financial services markets quickly and efficiently. However, it needs to be recognised that perception norms and an improvement in the functioning of services.
Towards The Security of User Authentication For Internet Banking Sites – The Nigerian Situation
MicroWave International Journal of Science and Technology Vol.6 No. 2014, 2014
Internet banking has become a new trend in the Nigerian banking system for a couple of years now. This has made financial transactions involving intra and interbank debit and credit transactions to be flexible and on the go. To this end, moving large sums of money between accounts is seen to be easier and faster with the added security of privacy. However, the introduction of internet banking has significant security concerns. Since a user is authenticated with nominal details such as username and password, there is the likelihood of identify spoofing, brute force and dictionary attacks. Most transactions for internet banking are done on websites that use the conventional hypertext transfer protocol (HTTP) for communications without deploying the added security layer of Secure Socket Layer/Transport Layer Security (SSL/TLS), which ensures the encryption of the packets transmitted between the client and the server. It is a well known fact that using HTTP transmits contents in the clear, which can be easily intercepted using man in the middle attacks. There is the need, therefore, to adopt a more secure means of transmitting transaction information of customers over the Internet such that the transmitting tunnel makes the contents unintelligible to a malicious user in the event of the interception of the transmitted data. The focus of this paper will be to discuss the various technologies deployed for enhancing the secure delivery of online-based transactions with emphasis on the Nigerian banking system. The paper will also adopt a user authentication method based on a two-factor authentication mechanism, which allows users to securely log into their online accounts using a two-factor authentication method.
Towards Securing E-Banking by an Integrated Service Model Utilizing Mobile Confirmation
Increasing advances of technology improve providing of services to people. Nowadays, although e-banking technology play an important role in speeding service providing and decreasing distances and costs, but impose some challenges to executives. People are always distrusted to the internet and banking businesses are encountering challenge of security and information privacy assurance to overcome this distrust. They should also provide confirmation of transactions to prevent unauthorized transactions when sensitive authentication information is thieved. In this paper, an integrated service providing model for e-banking is proposed that combining Core Banking and Single Sign-On(SSO) systems' functionalities, provide centralized management, simplicity and reduced faults, and provide more security using transaction approval process by mobile phone.
Study on security risks of e-banking system
2021
Received Mar 10, 2020 Revised May 11, 2020 Accepted May 25, 2020 Online banking and other e-banking modes are a very convenient way to banking in terms of speed, convenience and delivery costs, but they have brought many risks alongside them. Online banking has created a new risk orientation and even new forms of risk. Technology plays an important role as both a source and a tool for risk control. The purpose of this research is to identify the security situation of the e-banking application and to analyze the risks and attacks that could occur to the customers that, although it’s an ebanking application attacks could happen. Several mitigations were mentioned to overcome attacks like, access control is to mitigate eavesdropping this means that, restricting access to sensitive data is mandatory. Another way to mitigate is, update and patch which is for SQL injection meaning, it's vital to apply patches and updates when it’s available. These attacks may attack the whole applicat...
A Review of Security Aspects of Online and ATM Transactions in Banking Domain
International Journal of Advanced Research in Electronics and Communication Engineering (IJARECE), 2015
Bankingimprovements made customers to access their services more conveniently. Among the services offered by the banks, ATM services play key role to minimize customer‟s time and energy. The current technologies elaborate fast and were constantly bringing new area to our day to day life. This paper is also includes the literature review of security aspects of online banking and ATM transactions.The growth in online transactions has resulted in a greater demand for fast and precise user identification and authentication. The study is conclude that the ebanking and ATM is very convenient mode of electronic banking .Similarly to these studies, our target is to measure the performance of online banking and ATM transactions perform by using different technologies like Biometric Technology (Thumb, Iris, Face recognition etc.), and two way authentication as well as three way authentication process. This paper gives a brief literature review and examines previous research on different topic...
Related papers
Building A Secure Internet Banking Environment for the Bank
Building A Secure Internet Banking Environment for the Bank, 2021
This study was developed for the Bank and implemented on a real test environment and the study aims to build a secure Internet Banking Environment for the Bank which provides a high level of security and availability and effective management and control of a network environment. The researchers used the interview and questionnaire as tools to collect data for the primary and final study. By analyzing the interview questions and the questionnaire, the researchers concluded that the bank needs to build an online banking environment with a high level of security and availability to save time and effort for customers and the bank, reduce congestion on the bank, gain customer satisfaction, get more customers and meet their requirements At the end of the study, the researchers made a plan for implementing the appropriate proposed solutions.
Secure and cost effective transaction model for financial services
2009
At a time when e-commerce applications are fast emerging as an efficient and popular delivery channel for financial services, security risk is also enhanced which can transform the lives of many for the worse. With the advent of the e-commerce, it has become much easier for a 'data bandit' to sit in non descriptive location and quietly siphon away money from the service users. The financial service outlets (e.g. automated teller machine (ATM), Point of Sale (PoS) terminals) have been a soft target for these bandits since long. In the existing model, the users are forced to trust a service outlet to be authentic. A spoofed outlet can collect the account information and misuse it in some way later. Installing an outlet is also an expensive affair due to the need of dedicated network connectivity and hardware.
Internet Banking System & Security Analysis
International Journal Of Engineering And Computer Science, 2017
Internet banking or E-banking has attracted the attention of banks, securities, insurance companies in developing nations since the late 1990s and the rapid and significant growth in electronic sectors and commerce it's obvious that electronic (online internet) banking and payments are likely to advance or rapidly increased. Introduction:-Major Challenges For E-Banking In India:-E-Banking in India is its emerging state of development. Most of them are basic services only the deregulation of e-banking industry coupled with the emergence of new banking technology is enabling new competitors to enter the financial services to enter the financial services markets quickly and efficiently. However, it needs to be recognised that perception norms and an improvement in the functioning of services.
Security and Fraud Issues of E-banking
E-banking has a lot of benefits that add value to customer’s satisfaction in term of better service quality, and at the same time enable banks to gain a competitive advantage over other competitors. However, more attention towards e-banking security is required and needed against fraudulent behavior because the lack of control over security makes e-banking still un-trusted for many till today. This paper presents security issues related to e-banking along with the characteristics and challenges of e-banking fraud. Different types of attacks, some fraud detection strategies, and some prevention methods used by electronic banks, are also presented in this paper. An expert opinion method was used to rank different model and techniques in security. Results indicated that the most effective model is “Transaction Monitoring” and the worst models based on respondent’s opinions are “Virtual Keyboards”, “Browser Protection”, and “Device Identification”. The organization of this paper go in the following manner: section 1 will introduce the topic, followed by a literature review in section 2. Section 3 depicts the research methodology adopted and the data analysis process. Finally, conclusions and future work are stated at the end of the paper.
A model to authenticate requests for online banking transactions
Alexandria Engineering Journal, 2012
As the number of clients using online banking increases, online banking systems are becoming more desirable targets for attacks. To maintain the clients trust and confidence in the security of their online banking services; financial institutions must identify how attackers compromise accounts and develop methods to protect them. Towards this purpose, this paper presents a modified model to authenticate clients for online banking transactions through utilizing Identity-Based mediated RSA(IB-mRSA) technique in conjunction with the one-time ID concept for the purpose of increasing security, avoiding swallow's sorties and preventing reply attacks. The introduced system exploits a method for splitting private keys between the client and the Certification Authority (CA) server. Neither the client nor the CA can cheat one another since one-time ID can be used only once and each signature must involve both parties. The resulting model seems to be practical from both computational as well as storage point of view. The experimental results show the effectiveness of the proposed model.
12. Security Issues in E-Banking: An Exploration
Gujarat Technological University
Indian banking industry is showing growth as also technology enabled banking services. This has brought in its wake new channels (especially e-channels) that have led to in certain cases to the reduction of total user costs. The flip side is that this has raised issues of security, accuracy, property and privacy for customers availing these innovative services. These issues pose challenges to the providers of these services. The paper is an attempt to highlight the possible areas of risks for the consumers, the efforts made by the bankers to mitigate these risks, and the views of customers related to security of their e-banking transaction.
A new approach to e-banking
2007
This paper demonstrates that general purpose computing devices, including mobile phones, are not a sufficiently trustworthy platform for financial transactions. Current defences against phishing attacks, including multi-factor authentication systems, do not work against many attacks. Such attacks have been seen in the wild as well as in theory. This paper proposes hardware which would secure internet transactions without requiring any trust to be placed in a general-purpose computing device. The key to the device is a set of protocols to provide end-to-end security coupled with a trustworthy user interface which provides transparency about what transaction the user is authorizing. In addition, this paper proposes that the device can provide transaction audit trails which support the customer in case of disputes with the bank.
Review paper on analysing the information security in Internet banking
Innovation is doing new things, which leads to change. With the growth in information technology, the world has revolutionized. It has actually changed the way of communication, of doing business, of transacting and even of thinking. The impact of information technology especially internet is visible everywhere in almost all domains like hospitality, education, banking, etc. Banking sector has diversely grown. It has been offering various services to the customers. In this paper we will see how much banks and the customers are comfortable using the Internet banking, what kind of services are being offered by various banks, why people were and are rigid, hesitant and reluctant to accept e-banking, what factors and initiative banks should take to bring customers towards e-banking . This paper presents a systematic review of more than 60 research papers which will start from the basic benefits for adopting internet banking, to the issues involved in the same specifically related to the security. To make a decision on the usage of internet banking the most imperative aspect is security. There are various security threats and there are multiple researches going on for providing a better security measure.
E-Banking Security Study—10 Years Later
IEEE Access
ICT security in the banking area is going through rapid changes. It is ten years since we covered the state of e-banking security, and both authentication schemes and legislation has evolved. With the Payment Services Directive (PSD2) for European Union coming into force, we believe it is a good time to update our findings. PSD2 brings new requirements for multi-factor authentication, thus it is necessary to revise compliance of currently used schemes. This work's main contribution is an overview of current authentication methods, their properties with respect to international standards, and their resistance against attacks. We further discuss the multi-factor authentication schemes composed of those methods and their compliance with the PSD2 requirements. In order to present the overview, we introduced the e-banking attacks taxonomy, which is compatible with authenticator threats from NIST Digital Identity Guidelines but has an increased level of detail with respect to the e-banking area. The available sources in this area are usually either very broad, targeted on the business executive, or focus on one particular issue or attack in greater detail. We believe our article can bridge such diverse sources by providing a comprehensive and complex tool to help with orientation in the area.
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.