The document discusses fraud risks in e-banking and provides recommendations to address them. It summarizes the evolution of e-banking in India, benefits and vulnerabilities. Examples of major data breaches globally and in India are provided. Common e-banking fraud types like phishing, malware attacks etc. are described along with their characteristics. The document recommends controls that can be implemented by banks and users to enhance security of e-banking transactions and detect frauds.
Ssp fraud risk vulnerability in ebanking
1. The Institute of Internal Auditors India, Madras Chapter
Fraud Risk Vulnerability in E-Banking
-Sathyananda Prabhu
Mob : 9442502094
Email: sathyanandaprabhu@gmail.com
2. E-Banking
“Electronic banking”, “Virtual banking” and “Online banking” refer to the utilization of ICT to conduct banking transactions.
A system of banking where all banking needs are delivered remotely through electronic channels, without the need for the customer to visit the branch.
Benefits:
Cost effective delivery channel – 10% of physical channel
Excellent customer experience
Product design and innovation. Dynamic product offer
Less time to market
Easy reach to customers
3. E-banking – Evolution in India
Rangarajan Committee report on computerization in banks, 1989, introduced centralized clearing, inter-connectivity of branches, e-banking
ALPM / TBC / Core banking
Clearing house, ECS, NEFT, RTGS
ATM / CDM / Debit Card / Credit Card / PoS
Internet banking
Mobile banking
Online stock trading and wealth management
Payment wallets, NFC
BI, Analytics, Cloud, Social Media, Bitcoin
Most banking transactions today are online
4. Networked world – Highly vulnerable
In 2013, 110 million Target customers either had their personal information hacked, their credit and debit card information stolen, or both. The breach occurred through PoS and a backend portal.
In the breach at Sony, hackers stole over 100 terabytes of data containing Social Security numbers, salaries, movies, and other personally identifiable information.
In 2014, a Pony (a cyber-crime ring) botnet stole 85 virtual wallets filled with Bitcoins and other digital currencies, according to the security firm Trustwave.
Perpetrators attempted to steal $951 million from the Bangladesh central bank's account with the Federal Reserve Bank of New York by planting malware and gaining access to credentials.
The hacking at Equifax in 2017 impacted personal information relating to 143 million U.S. consumers.
IoT is widening the attack vector. Any electronic device can hack into another device/bank account.
5. A study from Juniper Research has reported that the value of online fraudulent transactions is expected to reach $25.6 billion by 2020, up from $10.7 billion in 2016, and 27% of this will be in banking.
According to the 2013 Norton report by Symantec:
- Average cost per victim doubled from 2012.
- Victims concentrated in Russia (85%), China (77%), South Africa (73%).
The annual number of victims has been estimated at 378 million and the amount at $113 BN.
6. Few examples of Breaches in India
In July 2016, the Union Bank of India SWIFT reconciliation team found that an amount of $171 million had been debited from the dollar account of the bank without authorization, and the money had travelled far and wide. Immediate detection and action helped retrieve the amount.
Card data of 3.2 million customers was stolen between 25 May and 10 July in 2016 from a network of Yes Bank Ltd ATMs managed by Hitachi Payment Services Pvt. Ltd.
Axis Bank reported a cyber security breach in October 2016; malware was found in its server, no monetary loss reported.
Bank of Maharashtra lost Rs25 crore when a bug in the Unified Payments Interface (UPI) system allowed people to send money without having the necessary funds in their accounts.
SBI ATM in Odisha spews out cash without any card being swiped. Physical malware attack suspected in these ATMs.
PoS machine in a bank allowed withdrawals without money in the account – flaw in a new program installed on the switch.
WannaCry ransomware attack
Petya cyber attack
Large number of customers compromised their credentials to phishing/vishing attacks and lost money.
Skimming attacks in ATMs made many lose money.
7. E-banking Frauds - Phishing, Vishing, Whaling attacks
Bangalore CID arrested the culprits in a case where card data of a large number of customers was stolen by fraudsters who planted card skimmers and PIN cameras at ATMs, and the amount was stolen through cloned cards.
A customer receives a call from someone who says he is calling from the bank, obtains card information and misuses these credentials to carry out online transactions. Social engineering is used.
PayPal scammers sent out an attack email that instructs recipients to click on a link in order to rectify a discrepancy with their account. In actuality, the link leads to a fake PayPal login page that collects a user’s login credentials and delivers them to the attackers.
In spear phishing scams, fraudsters customize their attack emails with the target’s name, position, company, work phone number and other information in an attempt to trick the recipient into believing that they have a connection with the sender. The goal is to lure the victim into clicking on a malicious URL or email attachment, so that they will hand over their personal data.
9. E-Banking: Vulnerability Sources – Operational Risk
Traditional banking risks + added e-banking risks
Complexity of technology and lack of training and awareness among employees
Internal and external frauds exploiting loopholes in the technology
System failures and business disruption
Misuse of confidential information
Failed or erroneous transaction processing
Reconciliation issues
Vulnerabilities in outsourced processes
Sophisticated cyber attacks
Lack of adoption of technology for internal controls and fraud risk management
10. E-Banking: Vulnerability Sources – Strategic and Compliance Risk
Compliance risk, which may arise from non-conformance with laws, rules, regulations, prescribed practices, or ethical standards
Compliance with regard to cross-border transactions
People with technology knowledge but no banking knowledge may be driving
Inadequacy of MIS
Costs involved in overseeing e-banking activities, vendors
Cost and availability of technical staff to handle the diverse set of technologies involved
11. E-banking Frauds - Characteristics and challenges
Highly imbalanced large dataset – millions of daily transactions, of which very few are frauds to be identified
Need for real-time detection – transactions are complete within seconds
Fraudsters continually advance their techniques to defeat online banking defenses. Security is a catch-up game.
Weak forensic evidence, mainly some external information
Diversity of genuine customer transactions makes it difficult to distinguish fraud behavior from genuine behavior.
Lack of strong legal framework
It is reported that North Koreans have developed an advanced cyber program that steals hundreds of millions of dollars and can trigger global havoc. State actors.
12. E-Banking – Threats
Malware and ransomware like WannaCry, Petya
Phishing attacks through spam emails looking to steal logon credentials
Password sharing, shoulder surfing by staff
Unpatched software exploit
Hacking through social media friend request/application install request etc.
Advanced persistent threat
Exploiting application level vulnerabilities like SQL injection, cross-site scripting, password guessing/cracking
Various e-com frauds/online frauds
Forged documents/deposit receipts to fraudulently obtain loans
Data leakage from outsourced vendor locations/help desk
Unauthorized transactions by employees in customer accounts/transfers through RTGS
13. E-Banking Threats
Key loggers (software and hardware) invisibly record each key stroke of every activity and can email it to hackers
Phishing, SMSishing and whaling (phishing targeting high net worth individuals)
Man in the middle attack (MITM), MITB
Password cracking software – dictionary attacks, brute force attacks: Cain & Abel, John the Ripper, Hashcat, Hydra
OTP bypass
Exploiting OS, NW, database level vulnerabilities
Cloning
Hybrid attacks – combination of attacks
Fraudulent documentation involving altering, changing or modifying documents to deceive another person
Complex partner, outsourced activity risks
Employee/privileged users committing frauds
14. Phishing
Phishing scams are typically fraudulent email messages or websites appearing as legitimate enterprises
These scams attempt to gather personal, financial and sensitive information.
Compromised Web servers – Email and IM
Port Redirection
Botnets
Simple (key loggers steal file/password),
Botnets
DNS cache poisoning attack –
16. Mobile banking vulnerabilities
The security functionality available on the handset must be robust.
The mobile network and the methods used to communicate between the handset and the mobile banking provider
The degree of independence from the Mobile Network Operator
The development of near field communication (NFC) enabled handsets, which can effectively act as a token for local purchase – the risks of the integration of NFC into mobile.
17. Regulations & guidelines
The e-banking has many advantages – But question marks
over its trust and performance – attract regulatory concern
Basel committee study on bank supervision – risk
implications in electronic banking by EBG in 1999.
RBI guidelines on I S Audit -2002
RBI guidelines on internet banking
Gopalakrishna committee recommendations
Cyber security checklist from IDRBT
NIST cyber security framework
ISO 27001 series
IT examination of banks by RBI
RBI guidelines on cyber security and resilience
IT Act 2000 and Amendment Act, 2008
Indian Contract Act
Criminal Procedure Code
PMLA rules and IBA guidelines
18. E-Banking Fraud detection strategy
Establish a transaction monitoring and fraud detection unit in every business line
Implement centralized transaction monitoring, AML and fraud detection software, with a team to monitor and respond
Device identification using MAC address, serial number and some configuration details from the user's system
Global behavior monitoring, such as a large number of different accounts accessed by a single device, or login failures across many accounts using a single trial password
Differential analysis, in which incoming transactions are examined against the normal use pattern for a legitimate customer.
Global analysis with white list, black list and suspect list of devices
Suspect list and the exponentially decaying function.
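The two global behaviour rules and the decaying suspect list from this slide, as an added example that is not part of the original deck. The thresholds, half-life, event layout and the `pw_tag` field (a keyed hash of the attempted password, so the monitor never sees plaintext) are assumptions made for illustration.

```python
import math
from collections import defaultdict

HALF_LIFE_S = 3600.0          # assumed: suspicion halves every hour
SUSPECT_THRESHOLD = 3.0       # assumed score that puts a device on the suspect list
MAX_ACCOUNTS_PER_DEVICE = 3   # assumed: distinct accounts one device may touch
MAX_ACCOUNTS_PER_PW = 3       # assumed: accounts that may fail with one password tag

class SuspectList:
    """Per-device suspicion score that decays exponentially over time."""
    def __init__(self, half_life=HALF_LIFE_S):
        self.rate = math.log(2) / half_life
        self.state = {}  # device_id -> (score, timestamp of last update)

    def score(self, device, now):
        s, t = self.state.get(device, (0.0, now))
        return s * math.exp(-self.rate * (now - t))

    def bump(self, device, now, weight):
        # Decay the old score to 'now' first, then add the new evidence.
        self.state[device] = (self.score(device, now) + weight, now)

    def is_suspect(self, device, now):
        return self.score(device, now) >= SUSPECT_THRESHOLD

def monitor(events, suspects):
    """Apply both global rules to time-ordered login events; return alerts.

    Each event is (ts, device_id, account, pw_tag, ok). pw_tag is assumed to
    be an HMAC of the submitted password computed by the authentication tier.
    """
    accounts_by_device = defaultdict(set)
    failed_by_pw = defaultdict(set)
    alerts = []
    for ts, device, account, pw_tag, ok in events:
        accounts_by_device[device].add(account)
        if len(accounts_by_device[device]) > MAX_ACCOUNTS_PER_DEVICE:
            suspects.bump(device, ts, 1.0)
            alerts.append((ts, device, "many-accounts-one-device"))
        if not ok:
            failed_by_pw[pw_tag].add(account)
            if len(failed_by_pw[pw_tag]) > MAX_ACCOUNTS_PER_PW:
                suspects.bump(device, ts, 2.0)
                alerts.append((ts, device, "one-password-many-accounts"))
    return alerts

# Constructed sample: device d-77 tries one password tag against five accounts.
EVENTS = [(i * 10, "d-77", f"acct{i}", "tagA", False) for i in range(5)]
EVENTS.append((60, "d-01", "acct9", "tagZ", True))  # ordinary customer login
```

Because the score decays, a device drops off the suspect list on its own once the suspicious activity stops, while white and black lists stay static until someone edits them.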
19. Security model for internet banking
Control | Description
Virtual Keyboards | Capture information typed into the device based on Java and software-based cryptography, to thwart the efficient use of key loggers.
Positive Identification | Requires the user to input some information that is known only to him/her to identify himself/herself.
One-Time Password Tokens | Devices that are commonly used as a second authentication factor by dynamically changing passwords.
Digital certificates | Used to authenticate both users and the banking system itself using Public Key Infrastructure (PKI) and a Certificate Authority (CA).
Device Registering | Restricts access to banking systems to previously known and registered devices.
Device Identification | Applied together with device registering but also used as a standalone solution. It is based on physical characteristics of users' devices.
Browser Protection | Protects the user and his/her browser against known malware by monitoring the memory area allocated by the browser.
CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) | Renders automatic attacks against authenticated sessions ineffective.
SMS | Notifies users about transactions that require their authorization.
Transaction Monitoring | Includes many approaches such as Artificial Intelligence, transaction history analysis and other methods for identifying fraud patterns.
20. E-Banking: Protections: user Level
Do not use public or other unsecured computers for logging into Online Banking or for financial transactions (for example, one at a library or coffee shop).
Never use public Wi-Fi and networks for e-banking transactions
Review account balances and detailed transactions regularly and immediately report any suspicious transactions to the bank.
Never leave a computer unattended while using Online Banking
Never conduct banking transactions while multiple browsers are open on your computer
Company users: dedicate a PC solely for financial transactions (e.g., no web browsing, emails, or social media).
Strong password and periodic changing:
Subscribe to alerts – balance alerts, transfer alerts, password change alerts, wire alerts
21. E-Banking: Protections: User level -- 2
Establish limits for monetary transactions at multiple levels: per transaction, daily, weekly, or monthly limits.
When you have completed a transaction, ensure you log off to close the connection with the Bank's computer.
Check your browser settings and select, at least, a medium level of security for your browsers.
Never respond to a suspicious e-mail or click on any hyperlink embedded in a suspicious e-mail. Call the purported source if you are unsure who sent an e-mail.
Install and update computers regularly with the latest versions and patches of anti-virus and anti-spyware.
Ensure computers are patched regularly, particularly the operating system and key applications, with security patches
22. E-Banking: Protections: By Banks
Identify inherent risks and controls in place and adopt an appropriate cyber security framework, org structure and policies
Maintain an updated inventory of all business assets
Periodically evaluate critical devices, their configuration and patches
Have documented SOPs for all IT related activities
Have a firewall barrier between the internal secure network and any other network
Implement OWASP guidelines for applications, ISO 27001 for security, and NIST/RBI/IDRBT/IBA guidelines
Comprehensively address database and network security
Establish a Security Operations Center (SOC) to ensure continuous surveillance
Regular VA & PT of all critical and web-facing devices/applications
Robust BCP/DR setup and regular drills
Enable/use virtual keyboards
23. Enable OTP / Biometric / dual factor authentication
Consumer awareness programs
Malware defenses
Logging and auditing the logs
Encryption
Smart cards with external card readers
Controlled use of administrative credentials
Robust incident response system
Random key generators (CAPTCHA)
Install a 3-D Secure system (also known as Verified by Visa or MasterCard SecureCode).
Have close monitoring on the activities of outsourced vendors
Subscribe to anti-Phishing services to take down phishing websites
Data leak prevention strategy
PKI-based software solution – mutual authentication eliminates MITM attacks
24. Controls on wireless network
Change the wireless network hardware (router/access point) administrative password from the factory default to a complex password.
Disable remote administration of the wireless network hardware (router/access point).
Consider disabling broadcasting the network SSID
Secure your wireless network by enabling WPA/WEP encryption of the wireless network.
Consider enabling MAC filtering on the network hardware