SECURITY SYSTEM IN BANKS
SUBMITTED BY MUHAMMAD ADEEL RIAZ
SUBMITTED TO SIR INAM UL HAQ
ROLL NO. 3024
UNIVERSITY OF EDUCATION OKARA 1
UNIVERSITY OF EDUCATION LAHORE
(OKARA)
TABLE OF CONTENTS
Sr. No   Description          Slide No
1        eBanking Security    3
2        Agenda               4
3        Targets of Attacks   5
4        Client Attacks       6
5        Generic Trojans      7 to 10
6        Security Measures    11 to 15
7        Visit to Bank        16 to 17
8        Conclusion           18
9        References           19
eBanking Security?
• Is eBanking still safe?
• What are the security trends in eBanking?
• What can we learn from eBanking trends for
other online applications?
Agenda
• eBanking Attacks
• Security Measures
• Secure Communication
• Implementations
• Outlook / Thesis
Target of Attacks
Phishing Attacks
Trojan Attacks
Pharming
DNS Spoofing
Network Interception
Web Application Attacks
Attacking Server
Client Attacks
Most promising attacks on the client:
• Phishing
– Motivate user to enter confidential information on fake web site
• Simple Trojans
– Limited to a handful of eBanking applications
– Steal username, password and one-time password
– Steal session information and URL and send them to the attacker
– Attacker imports information into his browser to access the same account
• Generic Trojans
– In the wild since 2007, but still in development
– Can attack any eBanking (and any web application)
– New configuration is downloaded continuously
Generic Trojans
• Infection of client with user interaction
– Email attachments (ZIP, EXE, etc.)
– Email with link to malicious web site
– Links in social networks
– Integrated in popular software (downloads)
– File transfer of instant messaging/VoIP/file sharing
– CD-ROM/USB stick
• Infection of client without user interaction
– Malicious web sites (drive by)
– Infection of trusted, popular web sites (IFRAME …)
– Misusing software update functionality (like Bundestrojaner)
– Attacks on vulnerable, exposed computer (network/wireless)
Note: About 1% of Google search query results point to a web site that can
lead to a drive by attack.
Generic Trojans
• Features of Generic Trojans
– Hide from security tools (anti-virus/personal
firewall)
– Inject code in running processes / drivers /
operating system
– Capture/Redirect/Send data
– Download new configuration / functionality
– Remote control browser instance
Generic Trojans (cont.)
• Features useful for eBanking attacks
– Send web pages of unknown eBanking to attacker
– Download new patterns of eBanking transaction
forms
– Modify transaction in the background (on the fly)
– Collect financial information
Generic Trojans (cont.)
Tips and Tricks
• Every Trojan binary is unique (packed differently)
– Not detectable by anti-virus patterns
• Trojan code is injected into other files or other processes
– Personal firewall cannot block communication
• Installs in Kernel
– Full privileges on system
– Invisible
• Bot Networks
Security Measures
• Attack Detection
• Second Channel / Secured Channel
• Secure Client
Attack Detection
• Detect session hijacking attacks
– Monitor and compare request parameters
– Identify SSL Session and IP address changes
• Transaction verification / user profiling
– Statistics about normal user behaviour
– Compare transaction with normal user behaviour
– White list target accounts
– Limits on transaction amount
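The two checks on this slide can be sketched as server-side detection logic. This is an added example, not part of the original slides; the field names, the z-score threshold and all sample values are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class SessionBinding:
    """Attributes recorded at login (assumed field names, not a real API)."""
    tls_session_id: str
    client_ip: str
    user_agent: str


def hijack_indicators(binding, request):
    """Compare request parameters with the login values; return what changed.

    A changed IP alone can be legitimate (mobile networks), so callers should
    treat the result as a signal for re-authentication, not as proof.
    """
    changed = []
    for name in ("tls_session_id", "client_ip", "user_agent"):
        if request.get(name) != getattr(binding, name):
            changed.append(name)
    return changed


@dataclass
class UserProfile:
    past_amounts: list         # amounts of earlier, confirmed transfers
    known_accounts: set        # white-listed target accounts
    per_transfer_limit: float  # limit on the transaction amount


def review_transaction(profile, target_account, amount, z_threshold=3.0):
    """Return the reasons to hold a transfer for extra verification."""
    reasons = []
    if amount > profile.per_transfer_limit:
        reasons.append("over_limit")
    if target_account not in profile.known_accounts:
        reasons.append("unknown_target")
    # Profile comparison needs some history before it says anything useful.
    if len(profile.past_amounts) >= 5:
        mu = mean(profile.past_amounts)
        sigma = pstdev(profile.past_amounts)
        if amount > mu + z_threshold * sigma:
            reasons.append("unusual_amount")
    return reasons


# Constructed sample data (documentation IP ranges, made-up account names).
LOGIN_BINDING = SessionBinding("a1f3", "203.0.113.10", "Browser/1.0")
SAMPLE_REQUESTS = [
    {"tls_session_id": "a1f3", "client_ip": "203.0.113.10",
     "user_agent": "Browser/1.0"},
    # Same session cookie, but TLS session and source address differ.
    {"tls_session_id": "9c2e", "client_ip": "198.51.100.77",
     "user_agent": "Browser/1.0"},
]
PROFILE = UserProfile(
    past_amounts=[120.0, 80.0, 150.0, 95.0, 110.0, 130.0],
    known_accounts={"ACC-2002", "ACC-3003"},
    per_transfer_limit=5000.0,
)

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print("session check:", hijack_indicators(LOGIN_BINDING, req))
    for target, amount in [("ACC-2002", 100.0), ("ACC-9999", 4800.0)]:
        print(target, amount, review_transaction(PROFILE, target, amount))
```
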
Security Measures (cont.)
• Second Channel
– Send verification using another channel
– Another application on the client computer
– Another medium like mobile phones (SMS)
• Secured Channel
– Enter data on an external device
– External device cannot be controlled by Trojan
– External device contains a secret key
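Why a secured channel defeats on-the-fly transaction modification can be shown with a transaction-bound confirmation code. This is an added example, not from the original slides: it uses a generic HMAC construction rather than any bank's actual scheme, and the key, account names and function names are constructed assumptions.

```python
import hashlib
import hmac
import secrets


def _encode(fields):
    """Length-prefix each field so different field splits cannot collide."""
    out = b""
    for f in fields:
        raw = str(f).encode()
        out += len(raw).to_bytes(2, "big") + raw
    return out


def transaction_code(device_key, challenge, target_account, amount_cents,
                     digits=8):
    """Code computed on the external device from what the user typed there."""
    msg = _encode([challenge, target_account, amount_cents])
    mac = hmac.new(device_key, msg, hashlib.sha256).digest()
    number = int.from_bytes(mac[:8], "big") % 10 ** digits
    return f"{number:0{digits}d}"


class BankVerifier:
    """Bank side: recomputes the code over the transaction it received."""

    def __init__(self, device_key):
        self._key = device_key
        self._open_challenges = set()

    def new_challenge(self):
        challenge = secrets.token_hex(8)
        self._open_challenges.add(challenge)
        return challenge

    def verify(self, challenge, received_account, received_cents, code):
        if challenge not in self._open_challenges:
            return False  # unknown or already used: blocks replay
        self._open_challenges.discard(challenge)  # single use, even on failure
        expected = transaction_code(self._key, challenge,
                                    received_account, received_cents)
        return hmac.compare_digest(expected, code)


# Constructed demo key; a real device key never leaves the device or the bank.
DEMO_KEY = bytes(range(32))


def demo():
    """Return (tampered_ok, honest_ok, replay_ok) for a constructed transfer."""
    bank = BankVerifier(DEMO_KEY)

    # The user enters ACC-2002 / 500.00 on the device; a Trojan in the
    # browser rewrites the target account before the request reaches the bank.
    c1 = bank.new_challenge()
    code1 = transaction_code(DEMO_KEY, c1, "ACC-2002", 50000)
    tampered_ok = bank.verify(c1, "ACC-9999", 50000, code1)

    # Same transfer without tampering.
    c2 = bank.new_challenge()
    code2 = transaction_code(DEMO_KEY, c2, "ACC-2002", 50000)
    honest_ok = bank.verify(c2, "ACC-2002", 50000, code2)

    # Re-sending the accepted code with its used challenge.
    replay_ok = bank.verify(c2, "ACC-2002", 50000, code2)
    return tampered_ok, honest_ok, replay_ok


if __name__ == "__main__":
    print(demo())
```

The code binds the target account and amount, so the bank rejects any transaction that differs from what the user entered on the device.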
Security Measures
• Secure Platform
– A computer that is only used for eBanking
– Bootable CD-ROM, Bootable USB Stick
– Virtual Machine
– eBanking Laptop
• Secure Environment
– Start an application (e.g. browser) that protects itself
from Trojans
– Stripped-down browser
– Proprietary Application (fat client)
– Verify environment before login is possible
Security Trends
VISIT A BANK FOR CHECKING SECURITY
• I visited Habib Bank Limited, Renala Khurd.
• Its branch code is (0557).
• HBL established operations in Pakistan in 1947
and moved its head office to Karachi.
• This bank has high-alert banking security.
• Here, account verification updates automatically
through mobile phones on any network.
• Online banking security in this bank is on very
high alert.
• It is protected from hackers because its software
is good and all bugs, etc. have been removed.
Conclusions
• From the above slides, we found that banking
security management in banks in Pakistan is
very high.
• Banks provide security for individuals, businesses
and governments alike.
• Banks have, however, proved to be vulnerable to many
risks, including credit, liquidity, market,
operating, interest rate and legal risks.
• Debit cards provide easy access to the cash in
your account, but can cause you to rack up fees if
you're not careful.
References
• http://en.wikipedia.org/wiki/Online banking
• http://www.rsa.com/node.aspx?id=1158
• APACS: Online banking usage amongst over 55s up fourfold in five years
  http://www.apacs.org.uk/media centre/press/08 24 07.html
• APACS: APACS announces latest fraud figures
  http://www.apacs.org.uk/APACSannounceslatestfraudfigures.htm
• Symantec SilentBanker Trojaner description
  http://www.symantec.com/security_response/writeup.jsp?docid=2007-121718-1009-99&tabid=2
UNIVERSITY OF EDUCATION OKARA 19

More Related Content

What's hot

Current Trends in Fraud Prevention
Current Trends in Fraud PreventionCurrent Trends in Fraud Prevention
Current Trends in Fraud PreventionBlackbaud
 
Information Security Management System in the Banking Sector
Information Security Management System in the Banking SectorInformation Security Management System in the Banking Sector
Information Security Management System in the Banking SectorSamvel Gevorgyan
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Cyber Security Presentation "It Will Never Happen To Me"
Cyber Security Presentation "It Will Never Happen To Me" Cyber Security Presentation "It Will Never Happen To Me"
Cyber Security Presentation "It Will Never Happen To Me" Simon Salter
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and SecurityDipesh Waghela
 
Cybercrime Awareness
Cybercrime AwarenessCybercrime Awareness
Cybercrime AwarenessSibesh Singh
 
Bank frauds & its safety
Bank frauds & its safetyBank frauds & its safety
Bank frauds & its safetyBISWAJITGHORAI2
 
Bank Fraud & Data Forensics
Bank Fraud & Data ForensicsBank Fraud & Data Forensics
Bank Fraud & Data Forensicswhbrown5
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation sweetpeace1
 

What's hot (20)

Banks and cybersecurity v2
Banks and cybersecurity v2Banks and cybersecurity v2
Banks and cybersecurity v2
 
Current Trends in Fraud Prevention
Current Trends in Fraud PreventionCurrent Trends in Fraud Prevention
Current Trends in Fraud Prevention
 
Information Security Management System in the Banking Sector
Information Security Management System in the Banking SectorInformation Security Management System in the Banking Sector
Information Security Management System in the Banking Sector
 
Security awareness
Security awarenessSecurity awareness
Security awareness
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
Fraud Prevention
Fraud PreventionFraud Prevention
Fraud Prevention
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Cyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptxCyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptx
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation
 
Cyber Security Presentation "It Will Never Happen To Me"
Cyber Security Presentation "It Will Never Happen To Me" Cyber Security Presentation "It Will Never Happen To Me"
Cyber Security Presentation "It Will Never Happen To Me"
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
 
Cybercrime Awareness
Cybercrime AwarenessCybercrime Awareness
Cybercrime Awareness
 
Bank frauds & its safety
Bank frauds & its safetyBank frauds & its safety
Bank frauds & its safety
 
Social engineering
Social engineering Social engineering
Social engineering
 
Cyber Security and Data Protection
Cyber Security and Data ProtectionCyber Security and Data Protection
Cyber Security and Data Protection
 
Bank Fraud & Data Forensics
Bank Fraud & Data ForensicsBank Fraud & Data Forensics
Bank Fraud & Data Forensics
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation
 

Viewers also liked

GSM Based Bank Security Control
GSM Based Bank Security ControlGSM Based Bank Security Control
GSM Based Bank Security Controlmohin04
 
Keypad Based Bank Locker Security System Using Gsm Technology
Keypad Based Bank Locker Security System Using Gsm TechnologyKeypad Based Bank Locker Security System Using Gsm Technology
Keypad Based Bank Locker Security System Using Gsm TechnologyIJRES Journal
 
Banking locker security using Image processing
Banking locker security using Image processingBanking locker security using Image processing
Banking locker security using Image processingArpana shree
 
Bank locker system
Bank locker systemBank locker system
Bank locker systemRahul Wagh
 
Locker opening and closing system using rfid password and gsm
Locker opening and closing system using rfid password and gsmLocker opening and closing system using rfid password and gsm
Locker opening and closing system using rfid password and gsmSai Kumar
 
gsm based security system
gsm based security systemgsm based security system
gsm based security systemnayandey
 
iTM Banking Security Presentation
iTM Banking Security PresentationiTM Banking Security Presentation
iTM Banking Security Presentationmaitretester
 
Security in Banks and ATM's
Security in Banks and ATM'sSecurity in Banks and ATM's
Security in Banks and ATM'sInttelix
 
E banking security-09-logistics
E banking security-09-logisticsE banking security-09-logistics
E banking security-09-logisticseBankingSecurity
 
Houlihan Lokey: Valuation in the Delaware Courts
Houlihan Lokey: Valuation in the Delaware CourtsHoulihan Lokey: Valuation in the Delaware Courts
Houlihan Lokey: Valuation in the Delaware CourtsHoulihan Lokey
 
Managing Financial Technology Is It An Art Or Science
Managing Financial Technology   Is It An Art Or ScienceManaging Financial Technology   Is It An Art Or Science
Managing Financial Technology Is It An Art Or ScienceANZ
 
Wireless and Internet Security Principles
Wireless and Internet Security PrinciplesWireless and Internet Security Principles
Wireless and Internet Security Principlespualoob
 
eID Authentication mechanisms for eFinance and ePayment services
eID Authentication mechanisms for eFinance and ePayment serviceseID Authentication mechanisms for eFinance and ePayment services
eID Authentication mechanisms for eFinance and ePayment servicesManel Medina
 

Viewers also liked (20)

GSM Based Bank Security Control
GSM Based Bank Security ControlGSM Based Bank Security Control
GSM Based Bank Security Control
 
Keypad Based Bank Locker Security System Using Gsm Technology
Keypad Based Bank Locker Security System Using Gsm TechnologyKeypad Based Bank Locker Security System Using Gsm Technology
Keypad Based Bank Locker Security System Using Gsm Technology
 
Banking locker security using Image processing
Banking locker security using Image processingBanking locker security using Image processing
Banking locker security using Image processing
 
Bank locker system
Bank locker systemBank locker system
Bank locker system
 
Locker opening and closing system using rfid password and gsm
Locker opening and closing system using rfid password and gsmLocker opening and closing system using rfid password and gsm
Locker opening and closing system using rfid password and gsm
 
E banking security
E banking securityE banking security
E banking security
 
gsm based security system
gsm based security systemgsm based security system
gsm based security system
 
Ppt
PptPpt
Ppt
 
iTM Banking Security Presentation
iTM Banking Security PresentationiTM Banking Security Presentation
iTM Banking Security Presentation
 
Security in Banks and ATM's
Security in Banks and ATM'sSecurity in Banks and ATM's
Security in Banks and ATM's
 
Ppt tls
Ppt tlsPpt tls
Ppt tls
 
E banking security-09-logistics
E banking security-09-logisticsE banking security-09-logistics
E banking security-09-logistics
 
Hold back the invisible enemy
Hold back the invisible enemyHold back the invisible enemy
Hold back the invisible enemy
 
Houlihan Lokey: Valuation in the Delaware Courts
Houlihan Lokey: Valuation in the Delaware CourtsHoulihan Lokey: Valuation in the Delaware Courts
Houlihan Lokey: Valuation in the Delaware Courts
 
Почта
ПочтаПочта
Почта
 
Barbed Wire Network Security Policy 27 June 2005 7
Barbed Wire Network Security Policy 27 June 2005 7Barbed Wire Network Security Policy 27 June 2005 7
Barbed Wire Network Security Policy 27 June 2005 7
 
Managing Financial Technology Is It An Art Or Science
Managing Financial Technology   Is It An Art Or ScienceManaging Financial Technology   Is It An Art Or Science
Managing Financial Technology Is It An Art Or Science
 
Secure Online Banking
Secure Online BankingSecure Online Banking
Secure Online Banking
 
Wireless and Internet Security Principles
Wireless and Internet Security PrinciplesWireless and Internet Security Principles
Wireless and Internet Security Principles
 
eID Authentication mechanisms for eFinance and ePayment services
eID Authentication mechanisms for eFinance and ePayment serviceseID Authentication mechanisms for eFinance and ePayment services
eID Authentication mechanisms for eFinance and ePayment services
 

Similar to Security system in banks

30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.pptKaukau9
 
The Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresThe Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresCarl B. Forkner, Ph.D.
 
Spikes Security Isla Isolation
Spikes Security Isla IsolationSpikes Security Isla Isolation
Spikes Security Isla IsolationCybryx
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and AwarenessAbdul Rahman Sherzad
 
19BCP072_Presentation_Final.pdf
19BCP072_Presentation_Final.pdf19BCP072_Presentation_Final.pdf
19BCP072_Presentation_Final.pdfKunjJoshi14
 
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksMobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksIBM Security
 
Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2Wen-Pai Lu
 
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...eightbit
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelinesZakaria SMAHI
 
CNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securityCNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securitySam Bowne
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Securitysudip pudasaini
 
Matteo meucci Software Security - Napoli 10112016
Matteo meucci   Software Security - Napoli 10112016Matteo meucci   Software Security - Napoli 10112016
Matteo meucci Software Security - Napoli 10112016Minded Security
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Kirti Ahirrao
 
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldiMIS
 
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldiMIS
 

Similar to Security system in banks (20)

30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
 
The Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresThe Threat Landscape & Network Security Measures
The Threat Landscape & Network Security Measures
 
OWASP Mobile TOP 10 2014
OWASP Mobile TOP 10 2014OWASP Mobile TOP 10 2014
OWASP Mobile TOP 10 2014
 
Spikes Security Isla Isolation
Spikes Security Isla IsolationSpikes Security Isla Isolation
Spikes Security Isla Isolation
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and Awareness
 
19BCP072_Presentation_Final.pdf
19BCP072_Presentation_Final.pdf19BCP072_Presentation_Final.pdf
19BCP072_Presentation_Final.pdf
 
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksMobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging Risks
 
Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2
 
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelines
 
CNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securityCNIT 128 8: Mobile development security
CNIT 128 8: Mobile development security
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
 
Webdays blida mobile top 10 risks
Webdays blida   mobile top 10 risksWebdays blida   mobile top 10 risks
Webdays blida mobile top 10 risks
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Network Security
Network Security Network Security
Network Security
 
Matteo meucci Software Security - Napoli 10112016
Matteo meucci   Software Security - Napoli 10112016Matteo meucci   Software Security - Napoli 10112016
Matteo meucci Software Security - Napoli 10112016
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)
 
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
 
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
 

More from university of education,Lahore

More from university of education,Lahore (20)

Activites and Time Planning
 Activites and Time Planning Activites and Time Planning
Activites and Time Planning
 
Steganography
SteganographySteganography
Steganography
 
Classical Encryption Techniques
Classical Encryption TechniquesClassical Encryption Techniques
Classical Encryption Techniques
 
Activites and Time Planning
Activites and Time PlanningActivites and Time Planning
Activites and Time Planning
 
OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architecture
 
Network Security Terminologies
Network Security TerminologiesNetwork Security Terminologies
Network Security Terminologies
 
Project Scheduling, Planning and Risk Management
Project Scheduling, Planning and Risk ManagementProject Scheduling, Planning and Risk Management
Project Scheduling, Planning and Risk Management
 
Software Testing and Debugging
Software Testing and DebuggingSoftware Testing and Debugging
Software Testing and Debugging
 
ePayment Methods
ePayment MethodsePayment Methods
ePayment Methods
 
SEO
SEOSEO
SEO
 
A Star Search
A Star SearchA Star Search
A Star Search
 
Enterprise Application Integration
Enterprise Application IntegrationEnterprise Application Integration
Enterprise Application Integration
 
Uml Diagrams
Uml DiagramsUml Diagrams
Uml Diagrams
 
eDras Max
eDras MaxeDras Max
eDras Max
 
RAD Model
RAD ModelRAD Model
RAD Model
 
Microsoft Project
Microsoft ProjectMicrosoft Project
Microsoft Project
 
Itertaive Process Development
Itertaive Process DevelopmentItertaive Process Development
Itertaive Process Development
 
Computer Aided Software Engineering Nayab Awan
Computer Aided Software Engineering Nayab AwanComputer Aided Software Engineering Nayab Awan
Computer Aided Software Engineering Nayab Awan
 
Lect 2 assessing the technology landscape
Lect 2 assessing the technology landscapeLect 2 assessing the technology landscape
Lect 2 assessing the technology landscape
 
system level requirements gathering and analysis
system level requirements gathering and analysissystem level requirements gathering and analysis
system level requirements gathering and analysis
 

Recently uploaded

Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docxPoojaSen20
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 

Recently uploaded (20)

Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13

Security system in banks

  • 1. SECURITY SYSTEM IN BANKS SUBMITTED FROM MUHAMMAD ADEEL RIAZ SUBMITTED TO SIR INAM UL HAQ ROLL NO. 3024 UNIVERSITY OF EDUCATION OKARA 1 UNIVERSITY OF EDUCATION LAHORE (OKARA)
  • 2. TABLE OF CONTENTS
      Sr. No | Description | Slides No
      1 | eBanking Security | 3
      2 | Agenda | 4
      3 | Targets of Attacks | 5
      4 | Clients Attacks | 6
      5 | Generic Trojans | 7 to 10
      6 | Security Measures | 11 to 15
      7 | Visit to Bank | 16 to 17
      8 | Conclusion | 18
      9 | Reference | 19
  • 3. eBanking Security?
      • Is eBanking still safe?
      • What are the security trends in eBanking?
      • What can we learn from eBanking trends for other online applications?
  • 4. Agenda
      • eBanking Attacks
      • Security Measures
      • Secure Communication
      • Implementations
      • Outlook / Thesis
  • 5. Target of Attacks
      • Phishing Attacks
      • Trojan Attacks
      • Pharming
      • DNS Spoofing
      • Network Interception
      • Web Application Attacks
      • Attacking Server
  • 6. Client Attacks
      Most promising attack on the client:
      • Phishing
          – Motivate user to enter confidential information on fake web site
      • Simple Trojans
          – Limited to a handful of eBanking applications
          – Steal username, password and one-time password
          – Steal session information and URL and send it to the attacker
          – Attacker imports information into his browser to access the same account
      • Generic Trojans
          – In the wild since 2007, but still in development
          – Can attack any eBanking (and any web application)
          – New configuration is downloaded continuously
  • 7. Generic Trojans
      • Infection of client with user interaction
          – Email attachments (ZIP, Exe, etc.)
          – Email with link to malicious web site
          – Links in social networks
          – Integrated in popular software (downloads)
          – File transfer of instant messaging/VoIP/file sharing
          – CD-ROM/USB Stick
      • Infection of client without user interaction
          – Malicious web sites (drive by)
          – Infection of trusted, popular web sites (IFRAME …)
          – Misusing software update functionality (like Bundestrojaner)
          – Attacks on vulnerable, exposed computer (network/wireless)
      Note: About 1% of Google search query results point to a web site that can lead to a drive by attack.
  • 8. Generic Trojans
      • Features of Generic Trojans
          – Hide from security tools (anti-virus/personal firewall)
          – Inject code in running processes / drivers / operating system
          – Capture/Redirect/Send data
          – Download new configuration / functionality
          – Remote control browser instance
  • 9. Generic Trojans (cont)
      • Features useful for eBanking attacks
          – Send web pages of unknown eBanking to attacker
          – Download new patterns of eBanking transaction forms
          – Modify transaction in the background (on the fly)
          – Collect financial information
  • 10. Generic Trojans (cont): Tips and Tricks
      • Every Trojan binary is unique (packed differently)
          – Not detectable by Anti Virus Patterns
      • Trojan code is injected into other files or other processes
          – Personal Firewall cannot block communication
      • Installs in Kernel
          – Full privileges on system
          – Invisible
      • Bot Networks
  • 11. Security Measures
      • Attack Detection
      • Second Channel / Secured Channel
      • Secure Client
      [Diagram: Secure Client, Second Channel, Secured Channel, Attack Detection]
  • 12. Attack Detection
      • Detect session hijacking attacks
          – Monitor and compare request parameters
          – Identify SSL Session and IP address changes
      • Transaction verification / user profiling
          – Statistics about normal user behaviour
          – Compare transaction with normal user behaviour
          – White list target accounts
          – Limits on transaction amount
  • 13. Security Measures (cont)
      • Second Channel
          – Send verification using another channel
          – Another application on the client computer
          – Another medium like mobile phones (SMS)
      • Secured Channel
          – Enter data on an external device
          – External device cannot be controlled by Trojan
          – External device contains a secret key
  • 14. Security Measures
      • Secure Platform
          – A computer that is only used for eBanking
          – Bootable CD-ROM, Bootable USB Stick
          – Virtual Machine
          – eBanking Laptop
      • Secure Environment
          – Start an application (e.g. Browser) that protects itself from Trojans
          – Stripped-down Browser
          – Proprietary Application (fat client)
          – Verify environment before login is possible
  • 15. Security Trends
  • 16. VISIT A BANK FOR CHECKING SECURITY
      • Here I visited the Habib Bank Limited, Renala Khurd.
      • Its branch code is (0557).
      • HBL established operations in Pakistan in 1947 and moved its head office to Karachi.
      • This bank has high-alert banking security.
      • Here, account verification updates automatically through mobile phone on any other networks.
  • 17.
      • Online banking security in this bank is on very high alert.
      • It is protected from hackers because its software is good and free of all bugs, etc.
  • 18. Conclusions
      • From the above slides we found that banking security management in banks in Pakistan is very high.
      • Banks provide security for individuals, businesses and governments alike.
      • Banks have, however, proven to be vulnerable to many risks, including credit, liquidity, market, operating, interest rate and legal risks.
      • Debit cards provide easy access to the cash in your account, but can cause you to rack up fees if you're not careful.
  • 19. References
      • http://en.wikipedia.org/wiki/Online_banking
      • http://www.rsa.com/node.aspx?id=1158
      • APACS: Online banking usage amongst over 55s up fourfold in five years, http://www.apacs.org.uk/media centre/press/08 24 07.html
      • APACS: APACS announces latest fraud figures, http://www.apacs.org.uk/APACSannounceslatestfraudfigures.htm
      • Symantec SilentBanker Trojaner description, http://www.symantec.com/security_response/writeup.jsp?docid=2007-121718-1009-99&tabid=2
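
The server-side checks listed on slide 12 (Attack Detection), sketched as an added example that is not part of the original slides: one function flags a session whose IP address, SSL/TLS session or user agent changes mid-session, the other compares a transaction with a user profile (white-listed accounts, amount limit, typical amount). All class names, field names, thresholds and sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    session_id: str   # application session cookie
    client_ip: str
    tls_session: str  # ID of the SSL/TLS session the request arrived on
    user_agent: str

def detect_hijack(requests):
    """Flag requests whose IP, TLS session or user agent differs from the
    values first seen for the same application session."""
    first_seen, alerts = {}, []
    for req in requests:
        base = first_seen.setdefault(req.session_id, req)
        changed = [f for f in ("client_ip", "tls_session", "user_agent")
                   if getattr(req, f) != getattr(base, f)]
        if changed:
            alerts.append((req.session_id, changed))
    return alerts

@dataclass(frozen=True)
class Profile:
    known_payees: frozenset  # white-listed target accounts
    max_amount: float        # hard limit on a single transaction
    typical_amount: float    # from statistics on the user's normal behaviour

def verify_transaction(profile, payee, amount, unusual_factor=3):
    """Return 'block', 'step_up' (confirm over a second channel) or 'allow'.
    unusual_factor is an assumed threshold, not a value from the slides."""
    if amount > profile.max_amount:
        return "block"
    if payee not in profile.known_payees:
        return "step_up"
    if amount > unusual_factor * profile.typical_amount:
        return "step_up"
    return "allow"

# Constructed sample data (documentation IP ranges, made-up identifiers).
SAMPLE_REQUESTS = [
    Request("s1", "192.0.2.10", "tls-a", "Firefox"),
    Request("s1", "192.0.2.10", "tls-a", "Firefox"),
    Request("s2", "192.0.2.44", "tls-b", "Chrome"),
    Request("s1", "198.51.100.7", "tls-c", "Firefox"),  # same cookie, new origin
]
SAMPLE_PROFILE = Profile(frozenset({"ACC-1001", "ACC-1002"}), 5000.0, 200.0)

if __name__ == "__main__":
    print(detect_hijack(SAMPLE_REQUESTS))
    print(verify_transaction(SAMPLE_PROFILE, "ACC-9999", 150.0))
```

An IP address change on its own can be benign (for example a phone moving between networks), so a real deployment would weigh the changed fields together rather than block on any single one.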